Efficient and provably secure aggregation of encrypted data in wireless sensor networks

Published: 04 June 2009

Abstract

Wireless sensor networks (WSNs) are composed of tiny devices with limited computation and battery capacities. For such resource-constrained devices, data transmission is a very energy-consuming operation. To maximize WSN lifetime, it is essential to minimize the number of bits sent and received by each device. One natural approach is to aggregate sensor data along the path from sensors to the sink. Aggregation is especially challenging if end-to-end privacy between sensors and the sink (or aggregate integrity) is required. In this article, we propose a simple and provably secure encryption scheme that allows efficient additive aggregation of encrypted data. Only one modular addition is necessary for ciphertext aggregation. The security of the scheme is based on the indistinguishability property of a pseudorandom function (PRF), a standard cryptographic primitive. We show that aggregation based on this scheme can be used to efficiently compute statistical values, such as mean, variance, and standard deviation of sensed data, while achieving significant bandwidth savings. To protect the integrity of the aggregated data, we construct an end-to-end aggregate authentication scheme that is secure against outsider-only attacks, also based on the indistinguishability property of PRFs.
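
The additive aggregation the abstract describes can be sketched as follows. This is an added example, not code from the article: each sensor adds a PRF-derived pad to its reading modulo M, intermediate nodes add ciphertexts, and the sink subtracts the pads. HMAC-SHA256 as the PRF, the 32-bit modulus, the `x`/`x2` labels, the demo keys and the readings are all assumptions made for illustration.

```python
import hashlib
import hmac

M = 2**32  # modulus (assumption): must exceed the largest possible sum

def keystream(key: bytes, nonce: bytes, label: bytes) -> int:
    """Per-epoch pad from the node key; HMAC-SHA256 stands in for the PRF."""
    digest = hmac.new(key, label + b"|" + nonce, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % M

def encrypt(m: int, key: bytes, nonce: bytes, label: bytes) -> int:
    if not 0 <= m < M:
        raise ValueError("plaintext out of range")
    return (m + keystream(key, nonce, label)) % M

def aggregate(c1: int, c2: int) -> int:
    """Intermediate node: one modular addition, no keys required."""
    return (c1 + c2) % M

def decrypt_sum(c: int, keys, nonce: bytes, label: bytes) -> int:
    """Sink removes the pads of every node that contributed."""
    pads = sum(keystream(k, nonce, label) for k in keys)
    return (c - pads) % M

def run_epoch(readings, keys, nonce: bytes):
    """Return (mean, variance) recovered from two encrypted aggregates."""
    n = len(readings)
    if n * max(readings) ** 2 >= M:
        # A sum that wraps modulo M would decrypt to a wrong value silently.
        raise ValueError("modulus too small for sum of squares")
    agg_x = agg_x2 = 0
    for m, k in zip(readings, keys):
        agg_x = aggregate(agg_x, encrypt(m, k, nonce, b"x"))
        agg_x2 = aggregate(agg_x2, encrypt(m * m, k, nonce, b"x2"))
    total = decrypt_sum(agg_x, keys, nonce, b"x")
    total_sq = decrypt_sum(agg_x2, keys, nonce, b"x2")
    mean = total / n
    return mean, total_sq / n - mean ** 2

# Constructed sample data: four sensors, one epoch.
KEYS = [hashlib.sha256(b"demo-node-%d" % i).digest() for i in range(4)]
READINGS = [20, 22, 19, 23]

if __name__ == "__main__":
    print(run_epoch(READINGS, KEYS, b"epoch-0001"))
```

Reusing a nonce with the same key reuses the pad, so the nonce must change every epoch, and the sink must know which nodes contributed so that it subtracts exactly their pads.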

    • Published in

      ACM Transactions on Sensor Networks, Volume 5, Issue 3
      May 2009
      284 pages
      ISSN: 1550-4859
      EISSN: 1550-4867
      DOI: 10.1145/1525856

      Copyright © 2009 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 4 June 2009
      • Accepted: 1 September 2008
      • Revised: 1 February 2008
      • Received: 1 June 2007

      Qualifiers

      • research-article
      • Research
      • Refereed
