1. DoS-Resilient Secure Aggregation Queries in Sensor Networks Haifeng Yu National University of Singapore http://www.comp.nus.edu.sg/~yuhf

2. Haifeng Yu (National University of Singapore)2 Background: Secure Aggregation Queries  Sensor networks often queries for aggregate information  Predicate count, sum, avg, etc  Usually obtained via in-network aggregation  Need for security:  Malicious sensors may report arbitrary readings – not much we can do  Malicious sensors may manipulate other sensors readings – want to prevent this Entire sub-tree affected 2 6 8 2 1 6 3 1 6 3 8 108 28

3. Haifeng Yu (National University of Singapore)3 Previous Work and Our Goal  [Chan’06,Chan’07,Yang’06]  Enables the detection of an incorrect result – user will then reject the result  But, attacker can keep corrupting the result and cause result to be rejected  DoS attack!  Analogy: Safety without liveness …  Our goal: Secure and highly-available aggregation queries  Tolerate the attacker instead of just detect it  This talk will use predicate count as an example…

4. Haifeng Yu (National University of Singapore)4 Protocol One: Set Sampling (Broadcast Sampling)  Sampling: More robust that aggregation  Challenge: If count is b, then # samples needed to obtain an approximation is  Solution: Set sampling (Broadcast sampling)  Sample a set of sensors in a single sample  Leverages special properties of sensor networks

5. Haifeng Yu (National University of Singapore)5 Protocol Two: Verifiable Aggregate Synopsis  Light-weight detection-only protocols  But maintain audit trails  Adopt ideas from duplicate-insensitive counting  Failure-free message complexity  FM synopsis [Flajolet’85]:  Exp synopsis [Mosk-Aoyama’06]:  Generate audit trails when under attack  Pinpointing protocol can later revoke malicious sensors