Secure Data aggregation in Wireless Sensor
Network: A Survey
Mukesh Kumar Jha,T.P. Sharma
MTech (NIT Hamirpur)National Institute of Technology Assistant Professor
Hamirpur Ideal Institute of Technology, Ghaziabad
Abstract: In the recent years,Wireless Sensor Network appears as an emerging technology which consists of thousands of small and low cost sensors. These sensors have limited power, computation, storage and communication capabilities. Communication among sensors consumes a considerable amount of energy and thus the amount of data transmission should be minimized in order to improve the lifetime of the sensors and effective utilization of the bandwidth. So data aggregation process is required which combines the data coming from various sensors, remove the redundancies in those data and then enroot them. But in hostile environment these aggregated data should be protected from several forms of attacks to achieve the security needs (like data confidentiality, data integrity and source authentication). Various protocols have been proposed for the secure data aggregation in wireless sensor network. In this paper we have discussed them with their merits and demerits
1. Introduction
A wireless sensor network is a collection of a large number of sensor nodes that have limited computation,communication and power resources. Due to the limited resources, the amount of data transmission should be minimized such that the lifetime of the sensor and bandwidth utilization can be improved.That’s why the concept of data aggregation has come into the picture.Data aggregation is the process of combining the data coming from various sources and enroute them after removing redundancy such as to improve the overall network lifetime. The in-network processing is done on the aggregator node. The aggregator node aggregate the data received from its child node as per the required aggregation function (like min,max,average,sum etc.) and send the aggregated result to the other high level aggregated node. But in hostile environment these aggregated result should be protected from the various type of attacks in order to achieve the data confidentiality,data integrity and source authentication. So securityis necessary to be employed with data aggregation.
2.Data Aggregation
The main aim of data aggregation is to eliminate the redundancy in the transmitted data so as to decrease to the amount of data transmission which saves a considerable amount of energy and bandwidth.Depending on the network structure data aggregation protocols are classified into two type:- tree based data aggregation protocol and cluster based data aggregation protocol.Consider a wireless sensor network that consists of three types of sensor nodes: sensing node, aggregator node and sink. Sensing nodes sense the data and send these data to the aggregator node. Aggregator node collects the data from a subset of sensing node, aggregate these data using appropriate aggregation function (like sum, avg, min, maxetc) and then sends it to the higher level aggregator or directly to the sink. Sink then process these data and find the useful information. In tree based data aggregation a tree structure is maintained in which the leaf nodes are sensing nodes, all non-leaf nodes are aggregator node and sink or base station is the root of the tree. In cluster based data aggregation nodes are divided into clusters, a cluster head is elected in each cluster which performs the aggregation process locally and sends aggregated data to the next cluster head in the path of sink or directly to the sink.
3. Security needs of Wireless Sensor Network
In hostile environment security is an important issue for the wireless sensor network. There are several security needs of wireless sensor networks that are discussed below:-
3.1 Data confidentiality
3.2 Data integrity
Data integrity ensures that the transmitted data has not been tempered either by the spiteful node or by any accident during the transmission.It means it ensures that the data are received as sent, with no duplication,insertion,modification, reordering.
3.3 Data freshness
Data freshness ensures that the transmitted data is fresh and not long past data has been used for the replay attack. So data freshness provides safety for the transmitted data from repay attack.
3.4 Source Authentication
Source authentication allows a receiver to verify that the data is truly sent by the claimed sender. An attacker without having source authentication can false show as like a node and gain the unauthorized access to the resources and secret information of that node to disrupt the normal operation of the network. So to prevent Sybil attack, source authentication is required.
In this attack, an attacker captures a node and gain access over the secret information stored in that node. Thus node compromise attack can influences the data aggregation results.
4. Secure Data Aggregation
Data aggregation protocols must have to satisfy the security needs as discussed above. The various approaches given for the secure data aggregation is classified into two groupsecure data aggregation on unencrypted data and secure data aggregation on encrypted data. Symmetric and asymmetric cryptography can be used for accomplishing the security needs. But due to the resource constrained sensor nodes symmetric cryptography is preferable. In symmetric cryptography a secret key is shared between two communicating parties.
4.1 Secure data aggregation on unencrypted data
In secure data aggregation on unencrypted data, an aggregator must have to decrypt the message coming from the various nodes, then aggregate these data by using appropriate aggregation function and send it to high level aggregator or sink only after encrypting the aggregated results. There are various protocols given for the secure data aggregation on unencrypted data which are discussed below:
In Secure Information Aggregation (SIA) [5], each sensor has a unique identifier and the secret key with the aggregator and the sink.Sink and aggregator stores a master key Ks and Ka(for the sink and the aggregator, respectively), and each sensor node stores the shared keys MAC (node ID) and MAC (node ID), whereMAC is a secure message authentication code. Thus, given a node ID, the sink and the aggregator can compute its shared key with the sensor node by using its master key and hence authenticate the sensor node’s message.SIA protocol consists of three phases:-aggregation, commit and proof
In aggregation phase, aggregator aggregates the data and mechanism has provided for the secure computation of median, max and min. In commit phase, aggregator shows the commitment and for this Merkle hash tree is used. By Merkle hash tree once aggregator sends aggregateddata to base station, it commit and it cannot change that value. In proof phase base station perform proof through communicating with aggregator and checking that the aggregated result is not different from the true value. An example ofMerkle hash tree is shown in the figure2. In this tree, all the sensed data are placed at the leaves of the tree and aggregator computes the hash on the sensed data of its children.
In Secure DAV [6], first a protocol for the establishment of secret cluster key is used for each cluster. Each sensor only shares the secret cluster key which is used for the partial signature generation on the aggregated data. Cluster Key Establishment (CKE) protocol is used for the secret cluster key generation and Elliptic Curve Cryptography (ECC) is used for the secure key management because it has smaller key size and faster computation. Second a Secure DAV protocol is used which guarantees that the sink does not accept the altered data for an upper bound of t compromised sensor within a cluster where t<n/2 where n is the number of nodes in the cluster. Custer-head computes the average on the sensors data within the cluster and sends this average to all the sensors. Sensor node then compare this average with its own data and if the difference between these two is less than a threshold then it generates the partial signature using shared secret key and sends it to the cluster-head. Cluster-head then generates the full signature after combining partial signatures from all the sensors within the cluster and then sends this full signature along with the average reading to the sink. Sink having possession of public key then verifies this signature. Integrity can be achieved using Merkle tree which is constructed by taking hash of the reading of its children.Secure DAV can be applied only to average aggregation function.
By using probability technique, SDAP[7] divide the node of topological tree into multiple logical groups (sub tree) of same size. To generate one group aggregate from each group, a hop-by-hop aggregation is performed in each group which is based on commitment.Commitment is used to guarantee that once a group commits a group aggregate, it cannot change or refuse later. Sink then find the mistrustful group by using multiple-outlier detection algorithm. To prove the correctness of its group aggregate, each group under mistrust participates in the attestation process. Agroup aggregate is thrown out by the sink if a group under attestation does not succeed to support its earlier commitment and the final aggregate is calculated over all the aggregates that have succeeded the attestation process.
Sink
a b
c
Fig3example of the aggregation tree in SDAP. Node a, b, c with colour red are leader node and the sink as the root is leader by default.
SDAP consists of three phases:- query propagation, data aggregation and attestation. In the first phase aggregation tree is constructed first and then sink propagate the query within this tree. The query consists of an aggregation function (fag) and a random number called as group seed (gs).In second phase i.e. grouping and aggregation phase, the concept of group leader selection and aggregation commitment has come into the picture. In group leader selection, two functions H and G are used. H is a cryptographic secure hash function and G is a grouping function. Each node let u is a leader node if followingequationis true
H (gsǀu) <G(c) ………(i)
Here c is the count value (to indicate how many nodes are participating to the aggregated data) of node u .once a node is selected as a leader node, all the node in its sub tree which is not grouped becomes its member. In aggregation commitment concept first packet format is defined. Each aggregation packet consists of sender node’s id, an aggregated value, a count value and a flag bit. If flag bit is 0 means further aggregation is required and if 1 then no further aggregation to be done.Pairwise key shared between parent and its child is used to encrypt the aggregate. A message authentication code (MAC) is also appended to packet and then aggregation is done. In final phase when the aggregated data reached at sink , sink calculate the key (Ku) to decrypt the data and thus gain the information about gs,aggregated value au and count value c.then it check the equation H(gsǀu)<G(c) . If this equation is not true then discard the packet if true then perform attestation.
detected. If the aggregated result from an aggregator is uncertain then a weighted voting scheme is introduced for taking the final decision about whether the aggregator node is cheating. If cheater aggregator node is found then a local recovery scheme is employed which rebuild the SAT such that the cheater node is removed from the tree. It does not provide data confidentiality.
In Energy Efficient Secure Pattern based Data Aggregation (ESPDA) [9], data aggregation and security both are employed for a cluster based wireless sensor network. The pattern codes are used to perform the data aggregation. The pattern codes are specimen data items that are extracted from the actual data and these pattern codes are selected in such a way that these contain certain characteristics of the corresponding actual data. Depending on the type of actual data, the extraction process may be different. The pattern codes of the sensor having multiple sensing units are obtained by combining the individual units. In ESPDA, sensor nodes do not transmit the whole sensed data. Sensor nodes first generate the pattern codes and then send the pattern codes to the cluster head. The distinct pattern codes are determined by the cluster head and then cluster head request only one sensor node to transmit the actual data for each distinct pattern. In this way ESPDA achieves both energy and bandwidthefficiency. Since cluster head do not require to decrypt the data for data aggregation process and no encryption/decryption key is broadcast so it also makes ESPDA secure. Byrandomly changing the mapping of data blocks to NOVSF(none orthogonal variable spreading factor) time slots , the proposed nonblocking OVSF(orthogonal variable spreading factor) blockhoping techniques further improves the security of ESPDA. Cluster head periodically broadcast the secret pattern seed to generate the pattern codes. The confidentiality of pattern codes is increased by using pattern seed (a random number). Therefore different pattern codes are produced for the same sensory data when pattern seed changes.
4.2 Secure Data Aggregation on Encrypted Data
Secure data aggregation on unencrypted data causes latency and also leaves aggregator nodes wounded to attacks because data will be decrypted at those aggregator nodes. Secure data aggregation using encrypted form of data overcomes these problems. In end-to-end secure data aggregation, aggregator nodes perform the aggregation on encrypted data without decrypting it. Thus in this way end-to-end data confidentiality is maintained. To provide end-to-end data confidentiality privacy homomorphism encryption is used.
To allow the direct computation on encrypted data, privacy homomorphism encryption is used. Suppose e represents encryption and d represents decryption. + and * represents addition and multiplication over a set of data D. Suppose Ks and Kp are the private and public key of the sink respectively. Then an encryption is called as additive holomorphic, if
x+y= ( (x)+ (y) ) here x,y belongs to D and an encryption is called multiplicative holomorphic , if x * y = ( (x) * (y) ) here x,y belongs to D
Since it supports addition and multiplication operation so it supports the aggregation which is based on addition and multiplication operations.
Various end-to-end secure data aggregation protocols are discussed below:-
Concealed data aggregation(CDA) [10] provides end-to-end encrypted data aggregation using privacy homomorphism encryption. Sensor nodes share a secret key from the sink and it is not visible to intermediate aggregator. It supports the end-to-end encrypted data aggregation for reverse multicast traffic between the sensors and the sink. In CDA aggregator performs the aggregation without decrypting the data and thus minimizes the delay caused by the decryption/encryption process. CDA protocol uses the Domingo-Ferrer’s encryption function [14]which is probabilistic due to the randomness involvement in the encryption process.In the Domingo-Ferrer’s the public parameter are a positive integer d>=2 and an integer g that should have many small divisors and there should be many integer smaller than g that can be inverted modulo g. The private key is k= (r,g’) where r and g are relatively prime i.e.gcd(r,g)=1 . log ′ defines the security level assured by this
function. Encryption and decryption is done as follows:
Encryption: Randomly split a€ ′ into a secret a1...ad such that ∑ ′ compute Ek
(a)=( modg , modg,..., modg)
Decryption: compute the jth coordinate by mod g to retrieve mod g. In order to obtain a compute
( (a)) = ∑ ′
The cipher text operation + is computed component-wise. The cipher text operation * is computed by cross multiplication of all the terms in having the -degree term and -degree term yielding a t- degree term. Then same degree terms are added.CDA provides data confidentiality but it does not provide data integrity.
and 0 ≤ m <N , here N is a large integer. K represents the key stream which is randomly generated and 0 ≤ K < N.
Encryption:
c = enc (m, K, N) = m + K (mod N) where c is a cipher text. Decryption:
m= dec(c, K, N) = c – K (mod N)
suppose c1 and c2 are two cipher text such that c1=enc (m1, K1, N) and c2=enc (m2, K2, N) then these two cipher texts are added as K=K1+K2, dec (c1+c2, K,N).this approach reduce the consumption of energy but it has expressive communication overhead due to the large aggregation tree because the aggregate data contains the list of failed nodes. It provides data confidentiality but it does not provide data integrity and source authentication.
Inn-layer data aggregation protocol [12] provides end-to- end to secure data aggregation using homorphism encryption and interleaved encryption. During the aggregation process a tree is dynamicallyconstructed. Aggregation keys are added and removed from the aggregated data in an interleaved manner. Each node has a secret key and a pair wise key .pair wise key is shared between that node and one selected node from its upper layer to send the aggregated data. All the nodes in the same layer have same secret key. This secret key is also known as aggregation key. This aggregation key will be removed by the node aggregating data in layer i-n. The pair wise key is removed by the node aggregating data in the upper layer.fig4 shows the aggregation process for n=3. This protocol guarantee that an attacker cannot get access of the aggregated data if he has captured less than n nodes where n is a security parameter. In order to access the aggregated data attacker must have to capture at least n consecutive nodes.
Fig4 data aggregation in a sensor network of layer 4 and with n=3
The approach given in [13] achieve end-to-end authentication where sink can directly validate the sensor data from the sources. This approach overcomes the problem that is faced by the existing privacy homomorphism that performs in-network processing for some specific query based aggregation function (sum, avg etc.).This approach employs the concept of digital watermarking to provide end-to-end data authentication. Authentication related information is modulated as watermark and superposed at the sensory data at the sensor node. The watermarked data is aggregated by the intermediate node without incurring any enroute checking. When the sensor data received at the sink, the sink authenticate the data by validating the watermark and thus in this way the sink detect that the data has been altered or not. By taking snapshot as an image at a certain time, it visualize the sensory data gathered from the whole network in which every sensor node is visualized as a pixel and its
f2
e2
g1
a4 b4
d3 c3
xa + xb + xc + xd + xe + xf+2k3 + 2k2 + k1 + kgs
xf+k2+kfg xa + xb + xc + xd +
xe+2k4 + 2k3+ k2 + keg
xa + xb + xc +2k4 + k3 + kce
xd + k3 + kde
xb+ k4 + kbc
reading as the pixel’s intensity. Digital watermarking can be applied to the sensor data because it is represented as an image. It employed the direct spread spectrum sequence (DSSS) watermarking for balancing the consumption of energy. Each sensor node embeds the whole watermark into its reading and left the watermark detection for the sink. Upon reception of aggregated and watermarked data, thesink validates the existence of the watermark and thus authenticity of data is checked.
It is a one way approach i.e. from sensor node to the sink .In the future it can be improved by making it the two way approach.
5. Comparison of Various Secure Data Aggregation Protocol According to Security Needs
Protocol Source authentication
Data
confidentiality Data integrity
SIA[ 5] Yes Yes Yes
Secure DAV[ 6]
Yes Yes Yes
SDAP[7] Yes Yes Yes
[ 8] Yes No Yes
ESPDA [9]
Yes Yes Yes
CDA[10] No Yes No
[ 11] No Yes No
[ 12] No yes No
[ 13] No No Yes
Table 1 Comparison of Various Secure Data Aggregation Protocol
7. Conclusion
In this paper a detailed overview of various secure data aggregation protocols have been presented. Second, the security needs and the various types of security attacks have also been discussed.Secure data aggregation protocols have been classified according to the type of data theyuse for the aggregation process. Advantage and disadvantage of the various types of secure data aggregation protocols are discussed. Finally the comparison between various types of secure data aggregation protocols according to the security needs have presented in a table.
References
[1] B.Krishnamachari, D. Estrin, S. Wicker, The impact of data aggregation in wireless sensor network, in: Proceeding of the 22nd International Conference on Distributed Computing Systems Workshops, 2002, pp.575-578.
[2] H. Cam, S. Ozdemir, P. Nair, D.Muthuavinashiapan, H. O. Sanli, “ Energy-Efficient Secure Pattern Based Data Aggregation for Wireless Sensor Networks” computer Communication, Vol. 29,No. 1, Elsevier, Dec 2005.
[3] Hani Alzaid, Ernest Foo, Juan Gonzalez Nieto,Secure Data Aggregation in Wireless Sensor Network: A Survey,in: Proceeding of the 6th Australasian Information Security Conference (AISC 2008), Wollongong, Australia, 2008
[4] SuatOzdemir, Yang Xiao, Secure data aggregation in wireless sensor networks: A comprehensive overview, Computer Networks, vol. 53, Elsevier, 2009,pp. 2022–2037
[5] B. Przydatek, D. Song, A. Perrig, SIA: secure information aggregation in sensor networks, in: Proceedings of SenSys’03, 2003, pp. 255–265.
[6] A. Mahimkar, T.S. Rappaport, SecureDAV: a secure data aggregation and verification protocol for wireless sensor networks, in: Proceedings of the 47th IEEE Global Telecommunications Conference (Globecom), November 29–December 3, Dallas, TX, 2004. [7] Y. Yang, X. Wang, S. Zhu, G. Cao, SDAP: a secure hop-by-hop data aggregation protocol for sensor networks, in: Proceedings of the
ACM MOBIHOC’06, 2006.
[8] K. Wu, D. Dreef, B. Sun, Y. Xiao, Secure data aggregation without persistent cryptographic operations in wireless sensor networks, Ad Hoc Networks 5 (1) Elsevier (2007) pp.100–111.
[9] H. Çam, S. Ozdemir, P. Nair, D. Muthuavinashiappan, H.O. Sanli, Energy-efficient and secure pattern based data aggregation for wireless sensor networks, Comput. Commun. Elsevier 29 (4) (2006) 446–455.
[10] D. Westhoff, J. Girao, M. Acharya, Concealed data aggregation for reverse multicast traffic in sensor networks: encryption key distribution and routing adaptation, IEEE Trans. Mobile Comput. 5(10) (2006) 1417–1431.
[11] C. Castelluccia, E. Mykletun, G. Tsudik, Efficient aggregation of encrypted data in wireless sensor networks, in: Proceedings of the Conference on Mobile and Ubiquitous Systems: Networking and Services, 2005, pp. 109–117.
[12] I. Rodhea, C. Rohner, n-LDA: n-layers data aggregation in sensor networks, in: Proceedings of the 28th International Conference on Distributed Computing Systems Workshops, 2008, pp. 400–405.
[13] W. Zhang, Y. Liu, S.K. Das, P. De, Secure data aggregation in wireless sensor networks: a watermark based authentication supportive approach, Elsevier Pervasive Mobile Comput. 4 (2008) 658–680.
[15] L. Hu and D. Evans, “Secure aggregation for wireless networks”, In Workshop on Security and Assurancein Ad hoc Networks, Jan 2003.
[16] H. Chan, A. Perrig, and D. Song.Random key predistribution schemes for sensor networks.In Proceedings of the IEEE Security and Privacy Symposim, 2003.
[17] Xiangqian Chen, Kia Makki, Kang Yen, and NikiPissinou, Sensor Network Security: A Survey, IEEE communication survey & tutorials, vol. 11, no. 2, 2009.
