Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on.

Slides:



Advertisements
Similar presentations
Chris Karlof and David Wagner
Advertisements

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)
Haowen chan  cmu Outline  The Secure Aggregation Problem  Algorithm Description  Algorithm Analysis Proof (sketch) of correctness Proof (sketch) of.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Joint work with Xinran Wang, Sencun Zhu and Guohong Cao Dept. of Computer Science &
Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.
Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Security Issues In Sensor Networks By Priya Palanivelu.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
The Sybil Attack in Sensor Networks: Analysis & Defenses James Newsome, Elaine Shi, Dawn Song, Adrian Perrig Presenter: Yi Xian.
SIA: Secure Information Aggregation in Sensor Networks Dhiman Barman Authors: Bartosz Przydateck, Dawn Song, and Adrian Perrig CMU SenSys 2003.
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.
Computer Science Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks Presented by Akshay Lal.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Secure Data Aggregation in Wireless Sensor Networks: A Survey Yingpeng Sang, Hong Shen Yasushi Inoguchi, Yasuo Tan, Naixue Xiong Proceedings of the Seventh.
Secure Aggregation for Wireless Networks Lingxuan Hu David Evans [lingxuan, Department of Computer.
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.
Aggregation in Sensor Networks
Using Directional Antennas to Prevent Wormhole Attacks Lingxuan HuDavid Evans Department of Computer Science University of Virginia.
Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,
Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian perrig, Virgil Gligor IEEE Symposium on Security and Privacy 2005.
Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
The Sybil Attack in Sensor Networks: Analysis & Defenses
Secure and Highly-Available Aggregation Queries via Set Sampling Haifeng Yu National University of Singapore.
Detection of Denial-of-Message Attacks on Sensor Network Broadcasts Jonathan M.McCune Elaine Shi Adrian Perrig and Michael K.Reiter.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
SIA: Secure Information Aggregation in Sensor Networks B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003 Natalia Stakhanova cs610.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
Secure In-Network Aggregation for Wireless Sensor Networks
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Multi-user Broadcast Authentication in Wireless Sensor Networks Kui Ren, Wenjing Lou, Yanchao Zhang SECON2007 Manar Mahmoud Abou elwafa.
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
Modeling In-Network Processing and Aggregation in Sensor Networks Ajay Mahimkar The University of Texas at Austin March 24, 2004.
Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)
Security for Broadcast Network
1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
Efficient Pairwise Key Establishment Scheme Based on Random Pre-Distribution Keys in Wireless Sensor Networks Source: Lecture Notes in Computer Science,
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes Haowen Chan, Adrian Perrig Carnegie Mellon University 1.
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
Location Cloaking for Location Safety Protection of Ad Hoc Networks
SPINS: Security Protocols for Sensor Networks
BROADCAST AUTHENTICATION
SPINS: Security Protocols for Sensor Networks
Presentation transcript:

Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on CCS 2006 slides by Haowen Chan Research conducted by Haowen Chan, Adrian Perrig, and Dawn Song

Computer Science Outline The Secure Aggregation Problem Algorithm Description Efficiency Results Conclusions and Future Work

Computer Science In-Network Data Aggregation (( )) Q “What is the sum of all the sensor readings?” Answer: Why Aggregation?

Computer Science Sensor Reading Falsification (( )) Q Malicious node reports false sensor reading (Direct injection)

Computer Science Aggregation Result Falsification (( )) Q Malicious node reports false aggregation result

Computer Science Assumptions Unsecured, multi-hop network of n nodes with one untrusted base station Querier shares symmetric key with each node and all nodes are responsive Existence of broadcast authentication primitive ( μ TESLA) Nodes are capable of computing symmetric key and cryptographic hash operations

Computer Science Related Work Based on probabilistic detection or special cases Single malicious node –L. Hu and D. Evans [2003] –P. Jadia and A. Mathuria [2004] Flat aggregator topology –B. Przydatek, A. Perrig, D. Song [2003] –W. Du, J. Deng, Y. Han, P.K. Varshney [2003] Probabilistic Detection –B. Przydatek, A. Perrig, D. Song [2003] –Y. Yang, X. Wang, S. Zhu, G. Cao [2006]

Computer Science Contributions General hierarchical (tree-based) aggregation topologies Multiple (unbounded) number of compromised nodes Achieves tightest possible bound on adversary’s ability to change aggregation result Low communication overhead –O(log 2 n) edge-congestion

Computer Science Outline The Secure Aggregation Problem Algorithm Description Results Conclusions and future work

Computer Science By Example Consider the SUM aggregate Sensor readings are in the range [0, r] Each sensor submits a reading, a i, and its complement (r-a i ) Sum of legitimate sensor readings is S L Aggregate sum, S (and its complement, S’), must satisfy: –S + S’ = nr If this condition is satisfied, an adversary has, at most, conducted a Direct Injection attack, and The lower bound on S is S L and the upper bound is S L + μr, where μ is the number of malicious nodes

Computer Science The Algorithm 1.Query Dissemination  Query sent from Querier with nonce, N 2.Aggregation Commit 3.Result Checking

Computer Science Aggregation Commit Aggregation Tree Commitment Tree L A ={1, v A, v’ A, A} L B ={1, v B, v’ B, B} L AB ={2, v AB, v AB, H[N||2||v AB ||v’ AB ||A||B]} L ABCD ={4, v ABCD, v ABCD, H[N||4||v ABCD ||v’ ABCD ||AB||C||D]}

Computer Science Result Checking Novel idea: –Distribute verification process to the sensors –Previously: Querier performed probing Cannot probe every node Too much congestion near the base station Process –Querier sends the aggregate label(s) via authenticated broadcast to all nodes –Each node verifies its contribution is part of the aggregate using off-path labels –After verification, nodes send an authentication code up the aggregation tree: MAC Ki (N||OK) –The Querier verifies the authentication code

Computer Science Result Checking How are off-path labels distributed?

Computer Science Result Checking How do nodes verify their contribution? 22 =

Computer Science Result Checking Returning and checking authentication codes ⊕ 0101 ⊕ ⊕ 1100 ⊕ ⊕ 1111 Remember that the Querier shares a symmetric key with each node Therefore it can compute the XOR’d authentication code and compare to the received value: MAC K1 (N||OK) ⊕... ⊕ MAC Kn (N||OK) = MAC KA (N||OK)

Computer Science Balancing the Commitment Tree Unbalanced commitment trees yield long paths and high overhead Idea: Instead of one commitment tree, keep a forest of O(log n) complete commitment trees Can be constructed using Delayed Aggregation Only perform aggregation on subtrees of equal height

Computer Science Delayed Aggregation Naïve Approach Delayed Approach

Computer Science Efficiency Congestion measured in terms of most heavily loaded edge or node in the network Aggregation tree: –Edge:O(log 2 n) –Node:O( Δ log 2 n); Δ=highest degree of any node Commitment tree: O(log n)

Computer Science Conclusion Secure data aggregation algorithm –Suitable for general tree-based aggregation topologies –Resilient against multiple malicious nodes –Tightest possible guarantees on adversary detection (without assuming application knowledge) –Low O(log 2 n) edge congestion –Limitation: need to know the set of responding nodes Future Work: –Secure versions of more sophisticated aggregation functions –Defenses against sensor reading falsification

Questions?