TY - GEN
T1 - Secure sensor network SUM aggregation with detection of malicious nodes
AU - Choi, Sunoh
AU - Ghinita, Gabriel
AU - Bertino, Elisa
PY - 2012
Y1 - 2012
N2 - In-network aggregation is an essential operation which reduces communication overhead and power consumption of resource-constrained sensor network nodes. Sensor nodes are typically organized into an aggregation tree, whereby aggregator nodes collect data from multiple data source nodes, and perform a reduction operation such as sum, average, minimum, etc. The result is then forwarded to other aggregators higher in the hierarchy toward a base station (or sink node) that receives the final outcome of the in-network computation. However, despite its performance benefits, aggregation introduces several difficult security challenges with respect to data confidentiality, integrity and authenticity. In today's outsource-centric computing environments, the aggregation task may be delegated to a third party that is not fully trusted. In addition, even in the absence of outsourcing, nodes may be compromised by a malicious adversary with the purpose of altering aggregation results. To defend against such threats, several mechanisms have been proposed, most of which devise aggregation schemes that rely on cryptography to detect that an attack has occurred. Although they prevent the sink from accepting an incorrect result, such techniques are vulnerable to denial-of-service if a compromised node alters the aggregation result in each round. Several more recent approaches also identify the malicious nodes and exclude them from future computation rounds. However, these incur high communication overhead as they require flooding or other expensive communication models to connect individual nodes with the base station. We propose a flexible aggregation structure (FAS) and an advanced ring structure (ARS) topology that allow secure aggregation and efficient identification of malicious aggregator nodes for the SUM operation. Our scheme uses only symmetric key cryptography, outperforms existing solutions in terms of performance, and guarantees that the aggregate result is correct and that malicious nodes are identified.
AB - In-network aggregation is an essential operation which reduces communication overhead and power consumption of resource-constrained sensor network nodes. Sensor nodes are typically organized into an aggregation tree, whereby aggregator nodes collect data from multiple data source nodes, and perform a reduction operation such as sum, average, minimum, etc. The result is then forwarded to other aggregators higher in the hierarchy toward a base station (or sink node) that receives the final outcome of the in-network computation. However, despite its performance benefits, aggregation introduces several difficult security challenges with respect to data confidentiality, integrity and authenticity. In today's outsource-centric computing environments, the aggregation task may be delegated to a third party that is not fully trusted. In addition, even in the absence of outsourcing, nodes may be compromised by a malicious adversary with the purpose of altering aggregation results. To defend against such threats, several mechanisms have been proposed, most of which devise aggregation schemes that rely on cryptography to detect that an attack has occurred. Although they prevent the sink from accepting an incorrect result, such techniques are vulnerable to denial-of-service if a compromised node alters the aggregation result in each round. Several more recent approaches also identify the malicious nodes and exclude them from future computation rounds. However, these incur high communication overhead as they require flooding or other expensive communication models to connect individual nodes with the base station. We propose a flexible aggregation structure (FAS) and an advanced ring structure (ARS) topology that allow secure aggregation and efficient identification of malicious aggregator nodes for the SUM operation. Our scheme uses only symmetric key cryptography, outperforms existing solutions in terms of performance, and guarantees that the aggregate result is correct and that malicious nodes are identified.
KW - Aggregation
KW - Security
KW - Sensor Networks
UR - https://www.scopus.com/pages/publications/84874300697
U2 - 10.1109/LCN.2012.6423606
DO - 10.1109/LCN.2012.6423606
M3 - Conference contribution
AN - SCOPUS:84874300697
SN - 9781467315647
T3 - Proceedings - Conference on Local Computer Networks, LCN
SP - 19
EP - 27
BT - Proceedings of the 37th Annual IEEE Conference on Local Computer Networks, LCN 2012
T2 - 37th Annual IEEE Conference on Local Computer Networks, LCN 2012
Y2 - 22 October 2012 through 25 October 2012
ER -