Sensor Networks: privacy-preserving queries Nguyen Dinh Thuc University of Science, HCMC

Outline Introduction Privacy-preserving queries in sensor networks Privacy-preserving queries in two-tiered networks

Sensor networks introduction Wireless sensor network: – is a distributed system consisting of a large number of sensor notes – deployed in adverse environments that are being monitored Sensor notes: – collect and report data to the base station – use wireless multi-hop route In many application of sensor networks, some of the biggest concerns are efficiency, security and privacy preserving

Privacy-preserving queries: system model: network assumptions Network assumptions We consider a WSN consisting of 1 base station BS and n sensor nodes, denoted as N i BS has much more computation, storage and energy capabilities than sensor nodes BS and sensor nodes communicate with one another by using wireless medium Not all sensor nodes can directly communicate with BS, in such cases they need to use multi-hop path Sensor nodes don’t know the network topology but each sensor node knows its parent and children nodes

Privacy-preserving queries: system model: security assumptions Security assumptions – Assume that BS is trustworthy while any sensor node could be compromised – We only consider the attacks that outsiders or compromised sensor nodes eavesdrop sensor data, and reveal the data they receive/forward to the adversary Design goals – Privacy/confidentiality of querying results – Privacy of raw and intermediately data – efficiency

Privacy-preserving queries: solutions for range queries SMART (W. He et al) – A node’s data reading is partitioned into several pieces – These pieces are send to different nodes in network – BS receives all pieces and the summation of all data in network is revealed Scheme of Feng et al. – Each nodes i shares a secret S i with BS – Instead of reporting d i, sensor node i reports v i =d i +S i – From  v i =  d i +  S i, BS can deduce summation of all sensor data. W.He, X.Liu, H.Nguyen, K.Nahrsteld, and T.Abdelzaher, PDA: Privacy-preserving Data Aggregation in wireless sensor networks, Infocom, May 2007, Anchorage, Alaska T.Feng, C.Wang, W.Wang, and L.Ruan, Confidentiality protection for distributed sensor data aggregation, Infocom 2008, April 2008, Phoenix, Arizona

Privacy-preserving queries: solutions for answering exact queries: ideas General ideas Let x=(d 1,…,d n )  {1,…,2 m -1} n Let A nxn =[e 1 …e n ] where e i : i th column of A nxn Let x={d 1,…,d n } be the values of all the sensor nodes in the system, d i  {1,…,2 m -1}, (i=1,…,n) corresponds to the value of node N i BS maintains a non-singular matrix A nxn and each of sensor nodes N i has m successive columns When the sensor nodes propagate the values up the tree to the BS, they can help in reconstructing x

Privacy-preserving queries: solutions for answering exact queries: preparation System preparation before network deployment Assume that each sensor value is a binary number of m-bit length d i =(c i1 …c im ) BS is preloaded a binary matrix matrix A TxT, T=mxn Each sensor N i maintains m vectors of size Tx1 of A: {e i 1,…,e i m }, randomly chosen among T such vectors Note that in order to keep the individual reading secure, BS must not know the distribution of the vector. This can be done by a trusted third party

Privacy-preserving queries: solutions for answering exact queries: data collection Data collection Each sensor knows the time at which it needs to send its report to BS If sensor node is a leaf node: – Computes y=(y i1,…,y in )=c i1 e i 1 +…+c im e i m where d i =(c i1 …c im ) is value of sensor d i – Sent result to its parent If sensor is an intermediate node: – Computes y=(y i1,…,y in )=c i1 e i 1 +…+c im e i m where d i =(c i1 …c im ) is value of sensor N i – Sent z=y+z 1 +…+z k to its parent, where z i is report data of its i th child BS, upon receiving reports from all of its children (b i ’s), solves Ax=b to deduce n values of n nodes, where b=  i b i

Privacy-preserving queries: solutions for answering exact queries: a baby example BS N4N4 N5N5 N3N3 N2N2 N1N1 x4x4 x3x3 x5x5 x2x2 x1x1 {A 1,A 2 }, d=2{A 3,A 4 }, d=3 {A 5,A 6 }, d=2 {A 9,A 10 }, d=3 {A 7,A 8 }, d=1

Privacy-preserving queries: solutions for answering exact queries: discussion Advantages Accuracy. It can answer all queries without revealing each individual data of each sensor Privacy. Each node only knows its values No key distribution Aggregation. Topology independence Low computer overhead Disadvantages Large size data are transmitted Hai Vu, Thuc Nguye, Neeraj Mittal, and S.Venkatesan, PEQ: A privacy-preserving scheme for answering exact queries in distributed sensor data networks. Proceedings of the th IEEE International Symposium on Reliable Distributed Systems, pp , 2009.

Privacy-preserving queries in 2-tiered WSN system model We consider a WSN consisting of storages nodes and regular sensors Assume that each sensor generates data values in a fixed rate and periodically submits the collected data to the closest storage node En epoch is an interval time between two submissions All sensors are synchronized The data message from sensor s i contain the sensor ID (i), the current value (t) and data

Privacy-preserving queries in 2-tiered WSN system model Storage node Sink Query Reply

Privacy-preserving queries in 2-tiered WSN adversary model and Security goals Adversary model The adversary want to obtain the sensitive data information from the SN The attacker want to breach data fidelity Security goals Against compromised storage nodes Against compromised sensors

Privacy-preserving queries in 2-tiered WSN state-of-the-art Scheme of Sheng and Li Sheng and Li proposed a scheme to preserve the privacy and integrity of range queries in SN This scheme uses the bucket partitioning idea The basic idea is to divide the domain of data values into multiple buckets In each slot, a sensor collects data items, places them into buckets, encrypts them together in each bucket, and then sends each bucket along with its bucket ID to a nearby storage node When the BS want to perform a range query, it finds the smallest set of bucket IDs that contains the range in query, sends this set to storage nodes Upon receiving the bucket ID, storage node returns the corresponding encrypted data in all those bucket BS can decrypt the encrypted buckets and verify the integrity Bo Sheng and Qun Li, Verifiable privacy-preserving range query in two- tiered sensor networks, IEEE INFOCOM 2008 proceedings, pp

Privacy-preserving queries in 2-tiered WSN an algebraic approach: problem description Problem description Let A kxn be a matrix such that a ij  {1,…,N}, N>n d 1,…,d m  {1,…,N} where d i  d j,  i  j Let c i = a id1 +…+ a idm,i=1,…,k If given c i ’s (i=1,…,k), then d j (j=1,…,m) is one of solutions of the systems a i1 x 1 +…+a in x n = c i (*) i=1,…,n; where (x 1,…,x n )  {0,1}  Determining A kxn such that (*) has only one solution: (X 1,…,X n ) such that X i =1 if i=d j (j=1,…,m) and X i =0, otherwise  We will say (d 1,…,d m ) be a solution of (*), too.

Privacy-preserving queries in 2-tiered WSN an algebraic approach: necessary conditions Establishing necessary conditions for matrix A kxn Suppose that (d 1,…,d m ) and d p 1,….,d p m ; p=1,…,q be different solution of (*), then  j a idj =  j a id 1 j =  j a id q j = c i ; (i=1,…,k) Therefore (d 1,…,d m ) is unique solution if and only if  v  {1,…,k} such that –  u  {1,…,p}\{v},  j a id u j = c i ; (i=1,…,k) –  j a id v j  c i ; (i=1,…,k)

Privacy-preserving queries in 2-tiered WSN an algebraic approach: building matrix Building matrix A kxn 1.Generates a random matrix : A’ (k-1)xn such that a ij  {1,…,t}, t<<n 2.For each pair of solutions (d 1,…,d m ) and (d’ 1,…,d’ m ) of the system (*), let x d1 +…+x dm  x d’1 +…+x d’m, where x dj, x d’j  {1,…,N}, j=1,…,m After step 2) we receive an in-equation system in which each in-equation has form x d1 +…+x dm  x d’1 +…+x d’m where (d 1,…,d m ) and (d’ 1,…,d’ m ) are solution of (*). Let (a k1,…,a kn ) be a solution of this system, then (a k1,…,a kn ) is just k th row of the desired matrix

Privacy-preserving queries in 2-tiered WSN an algebraic approach: a tiny example

Privacy-preserving queries in 2-tiered WSN an algebraic approach: an example of a baby system Data={1,3,4,6}  c={10,5,21} Data={1,4,6,2}  c={9,7,28} Sensor i storage (j,t,{9,7,28}) (i,t,{10,5,21})