Before describing our main protocol, we describe the protocol model and background.
4.1 Data Aggregation Model and Problem Definition
In a sensor network, the goal of aggregation is to compute aggregation functions (such as Sum, Maximum/Minimum, Average, Median, Count) of the sensed readings of the sensor nodes. In this paper, the general sensor network is composed of many resource-limited sensor nodes, as illustrated in Figure 1. In our structure, there is a set $S = \{s_1, s_2, \ldots, s_n\}$ of $n$ sensing nodes; each sensing node $s_i$ has a sensed data value $v_i$. There is a single base station $R$ (or query server, sink node, etc.), which is able to communicate with the sensor nodes and has unlimited power and storage capability. Some of the intermediate sensor nodes become aggregators (in this paper we also say cluster leaders) $A = \{A_1, \ldots, A_k\}$. Because transmitting data packets consumes a large amount of power, an aggregator aggregates partial sensed data to reduce the total communication cost and save energy.
The aggregation within the sensor network is performed over an aggregation tree, which is the tree structure formed by the union of all the paths from the sensor nodes to the base station. As in other data aggregation protocols, we assume the base station is the root of the aggregation tree. There are multiple methods for constructing the aggregation tree, but we focus on the security aspects of data aggregation.
A data aggregation function can be represented as $y = f(v_1, \ldots, v_n)$. In this paper, we focus on finding the maximum/minimum in a sensor network. Therefore,
$f(v_1, \ldots, v_n) = \mathrm{MAX}(v_1, \ldots, v_n)$
4.2 Assumption
We assume that the base station R shares a unique key with every sensor node in the network for confidential communication. In addition, we assume R cannot be compromised and that it can authenticate its broadcast messages to all of the sensor nodes in the aggregation tree [21].
For data transmission, we also assume that there is a reliable transmission mechanism between nodes, meaning that packets will not be lost while the secure data aggregation procedure is in progress. For the key setup, we assume every sensing node has a common secret key $K_R^{x,q}$ that is shared with the base station and updated periodically. Additionally, there is a unique pairwise key shared between each sensing node and the aggregator within a cluster; this can be established with the random key distribution mechanism proposed in [15]. Besides, we assume the adversary has no knowledge about the WSN and thus captures nodes randomly. Finally, we assume hop-by-hop authentication between nodes.
4.3 Key Setup for Encryption
In our protocol, we need two layers of data encryption for secure computation in wireless sensor networks. The first layer is end-to-end encryption, which wireless sensor networks use to conceal the sensed data and aggregate data readings securely. Hence, the aggregators are unable to read the private data of sensing nodes. The second layer of encryption establishes a secure channel between the aggregator and the sensor nodes. Because the nodes are resource-constrained and storage-limited, we use an encryption transformation called privacy homomorphism [19] for the first layer of encryption. We use another symmetric encryption scheme, such as AES or RC5, for the second layer of encryption. In the setup phase of our protocol, all of the sensing nodes in the network need to agree privately on a secret key $K_R^{x,q}$ with the base station. There are several methods to achieve this, and we omit this issue in this paper.
4.4 Attacker Model
In this section, we describe what the adversary attempts to do. We first classify the adversary models.
Semi-honest (Honest-but-Curious or Passive) Adversary:
In this model, the attacker conscientiously follows the prescribed protocol, but tries to learn or compute additional information while following it. In other words, the target of an attacker is to compromise some nodes and read all messages in storage as well as those eavesdropped in the WSN.
Malicious (Active) Adversary:
In this model, the adversary deviates from the protocol in arbitrary ways. This deviation can have several purposes, including learning more information from honest parties, modifying the result of the protocol, and interfering with the procedure of the specified protocol.
Collusive:
We consider any two participants within a cluster (two sensing nodes, or one sensing node and one aggregator) to be collusive if they use their mutual secrets to derive additional information.
Non-collusive:
On the other hand, we say participants are non-collusive if no two parties collude with each other.
In this paper we do not consider the malicious adversary; we focus on defeating the attack from a semi-honest and non-collusive adversary. In wireless sensor networks, the adversary can compromise a (small) l (nk) fraction of sensors. When we say that the adversary has compromised a node, we mean that, as long as it remains in control of the sensor node, it can read all of its contents and eavesdrop on all incoming and outgoing messages.
An adversary is interested in learning the private information of sensor nodes while remaining undetected. In addition, an adversary does not interfere with any communication over the network, nor does it modify sensed data on the sensors it has compromised.
We assume the adversary is unable to monitor and record all traffic and can only monitor the incoming and outgoing communication of compromised nodes.
4.5 Requirement of Secure Data Aggregation
For secure data aggregation, our goal is to achieve end-to-end data privacy in a wireless sensor network. We must prevent a semi-honest adversary (eavesdropper) from obtaining any private information about sensor nodes. The following lists the desired characteristics of secure data aggregation.
Correctness: a correct aggregation of sensor data is desired. In this paper our purpose is to correctly obtain the maximum/minimum value of the sensor network under the constraint that no other sensor learns additional information about any individual sensor.
Privacy: for data confidentiality, there are two privacy goals. First, only the base station can learn the final aggregation result. Second, each node only has knowledge of its own private data after running the data aggregation procedure. In other words, normal neighbor nodes should not be able to learn the private readings of other nodes, and the secure data aggregation protocol should prevent an eavesdropper from revealing private data and ensure that the adversary can’t deduce the plaintext. Besides, o
Efficiency: the purpose of data aggregation is to reduce communication overhead within the whole network, and thus reduce power and resource consumption. Data aggregation can be achieved by in-network processing.
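The following added example (not part of the original thesis) simulates the model of Section 4.1 with MAX as the aggregation function: it counts transmissions with and without in-network aggregation, and records what a compromised semi-honest aggregator observes when readings are aggregated in plaintext, which is the privacy gap the requirements above target. The topology, the readings and all function names are constructed for illustration.

```python
# Constructed aggregation tree rooted at base station "R": child -> parent.
PARENT = {"A1": "R", "A2": "R",
          "s1": "A1", "s2": "A1", "s3": "A1",
          "s4": "A2", "s5": "A2", "s6": "A2"}
# Constructed sensor readings v_i of the sensing nodes s_i.
READINGS = {"s1": 21, "s2": 35, "s3": 28, "s4": 40, "s5": 19, "s6": 33}


def hops_to_root(node):
    """Number of links between a node and the base station R."""
    hops = 0
    while node != "R":
        node = PARENT[node]
        hops += 1
    return hops


def forward_all():
    """No aggregation: every reading is relayed hop by hop to R."""
    transmissions = sum(hops_to_root(s) for s in READINGS)
    return max(READINGS.values()), transmissions


def aggregate_max(compromised=frozenset()):
    """Plaintext in-network MAX: every node sends one value to its parent.

    Returns (result at R, transmissions, readings seen by compromised nodes).
    """
    inbox = {}          # node -> list of (sender, value) it received
    leaked = {}         # compromised node -> plaintext readings it observed
    transmissions = 0
    # Deepest nodes first, so children report before their aggregator does.
    for node in sorted(PARENT, key=hops_to_root, reverse=True):
        received = inbox.get(node, [])
        if node in compromised:
            leaked[node] = dict(received)   # semi-honest: read, do not modify
        if node in READINGS:
            value = READINGS[node]
        elif received:
            value = max(v for _, v in received)
        else:
            continue                        # aggregator with no children
        inbox.setdefault(PARENT[node], []).append((node, value))
        transmissions += 1
    return max(v for _, v in inbox["R"]), transmissions, leaked


if __name__ == "__main__":
    print("forward all   :", forward_all())
    print("aggregate MAX :", aggregate_max(compromised={"A1"}))
```

Both strategies deliver the same maximum to R, but aggregation needs fewer transmissions, while the compromised aggregator A1 sees every individual reading in its cluster.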
4.6 Notations
For clarity, we summarize the notation and symbols used in our protocol in Table 1.
Table 1: Notations

| Notation | Significance |
|---|---|
| $s$ | A sensor node (here we refer to sensing nodes). |
| $A$ | An aggregator (or cluster leader) of a cluster. |
| $n$ | The total number of sensing nodes in the network. |
| $i$ | Sensor indices. |
| $j$ | The indices of the bit string. |
| $l$ | The number of compromised nodes. |
| $s_i$ | A unique identifier of a sensor node. |
| $m$ | The bit length of sensing data. |
| $k$ | The total number of aggregators in the network. |
| $v_i$ | Sensor readings of node $s_i$. |
| $R$ | A base station of a wireless sensor network. |
| $K_R$ | A common key shared between the base station and all of the sensing nodes. |
| $K_{u,v}$ | A unique pairwise key established between node $u$ and node $v$. |
| $r$, $r'$ | Random numbers. |
| $E_{K_R}(\cdot)$ | The encryption algorithm using the shared secret key $K_R$ by privacy homomorphism. |
| $E'_{K_{u,v}}(\cdot)$ | The symmetric encryption algorithm using the secret pairwise key $K_{u,v}$ (such as AES, RC5). |
| $c_i$ | The ciphertext of $v_i$. |
| $M$ | The message space of the encryption scheme. |