
International Journal of Computer Trends and Technology (IJCTT) – volume 8 number 2– Feb 2014

Survey on End-To-End Confidentiality in Wireless Sensor Networks

T.Gowtham1, D.Sathya2

1 (Student, Kumaraguru College of Technology, Coimbatore, Tamil Nadu, India)
2 (Assistant Professor, Department of Computer Science and Engineering, Kumaraguru College of Technology, Coimbatore, Tamil Nadu, India)

ABSTRACT: A wireless sensor network (WSN) is a collection of a large number of sensor nodes and a few sink nodes that have limited computation, communication and power resources. Data aggregation is used to reduce the amount of data transmitted and to increase the lifetime of the sensors. Data aggregation is the process of combining the raw data from one or more sensor nodes and performing operations such as min, max, count and avg. The sensor nodes are often deployed in hostile environments, so the aggregated result should be protected from various types of attacks in order to achieve data integrity, confidentiality and authentication. The approaches proposed for secure data aggregation are classified into two groups: secure data aggregation on unencrypted data and secure data aggregation on encrypted data. This paper presents a detailed survey of secure data aggregation on encrypted data.

Keywords - Data aggregation, Encryption, Decryption, Integrity, Confidentiality, Authentication, Security.

I. INTRODUCTION

Advances in robotics have made it possible to develop a variety of new architectures for autonomous wireless sensor networks. Mobile nodes, essentially small robots with sensing, wireless communication and movement capabilities, are useful for tasks such as static sensor deployment. These advanced sensor network architectures could be used for a variety of applications including intruder detection, border monitoring and military patrols. In potentially hostile environments, the security of unattended mobile nodes is extremely critical. An attacker may be able to capture and compromise mobile nodes, and then use them to inject fake data, disrupt network operations and eavesdrop on network communications [1]. As sensor networks become widespread in different environments, security issues become a central concern, especially in mission-critical tasks. Secure data aggregation is introduced to protect information from the various types of attacks and so achieve data integrity, confidentiality and authentication.

ISSN: 2231-2803

1.1 Importance of Security in WSN

Computer networks created a revolution in the use of information. Information is now distributed. Authorized people can send and retrieve information from a distance using computer networks. Although the three above-mentioned requirements, confidentiality, integrity and availability, have not changed, they have some new dimensions. Not only should information be confidential when it is stored in a computer, there should also be a way to maintain its confidentiality when it is transmitted from one computer to another. When data is transmitted with aggregation, it enhances the lifetime of the sensors and reduces energy consumption by eliminating redundancy.

1.2 Secure Data Aggregation

In order to save resources and energy, data must be aggregated to avoid overwhelming amounts of traffic in the network. Aggregation is the process of performing some operation on the data sensed by sensor nodes and reporting the aggregated data to a central node, called the sink. Data aggregation is the process of combining the raw data from one or more sensor nodes and performing operations such as min, max, count and avg. The sensor nodes are often deployed in hostile environments, so the aggregated result should be protected from the various types of attacks in order to address the security issues. The approaches proposed for secure data aggregation are classified into two groups: secure data aggregation on unencrypted data and secure data aggregation on encrypted data. Secure data aggregation on unencrypted data means that the aggregator node decrypts the data, performs the aggregation, encrypts the result and forwards it to the base station.

II. Secure data aggregation on encrypted data

Secure data aggregation on unencrypted data leads to security problems such as node compromise, fake data injection and latency, because the data is decrypted on the aggregator node. In secure data aggregation on encrypted data, the aggregator node performs the aggregation on the encrypted data without decrypting it and forwards the result to the base station. Various end-to-end secure data aggregation protocols are discussed below.

http://www.ijcttjournal.org



2.1. Secure Data Aggregation Scheme (SDAS) for Clustered WSN

In the secure data aggregation scheme [3] for clustered wireless sensor networks, the encrypted sensor readings are transmitted to the cluster head with a MAC, and the cluster head processes the encrypted data without decryption. For readings that have the same value and come from different sensor nodes, the cluster head retains the nodes' identifiers in the data aggregation process to provide the information for global data distribution. Besides providing data privacy protection, the scheme has better resilience against active attacks, node compromise attacks and DoS attacks.

2.1.1. Implementation

It is designed for static clustered wireless networks with non-overlapping clusters.

System initialization: Let
S - Sensors (their ids, S1, S2, ..., SN, respectively)
(e1, e2, ..., eN) - Random keys
m(), h() - One-way functions

Data encryption: Let
Si - Clusters
AGi - Cluster head
vi - Sensor reading
Ki - Pairwise key

Then,
< Si || c || (vi XOR m(ri)) || (ei XOR ri) || m(m(ri)) || MAC >
and the MAC is as follows:
< MAC = h(ki || c || (mi XOR m(ri)) || (ki XOR ri) || m(m(ri))) >

Data decryption is done at the base station (BS). First, the BS aggregates the data coming from neighbor sensors and child aggregators in the same way as the mid aggregators. Then the BS decrypts the sensor reading as follows [4]:
Mi = < Si || (vi XOR m(ri)) || (ki XOR ri) || m(m(ri)), IDList >

Drawbacks
1. Node compromise.
2. End-to-end, but security is insufficient against active attacks.

2.2. Recoverable Concealed Data Aggregation for Data Integrity (RCDA)

In RCDA [1], data aggregation schemes provide better security compared with traditional aggregation schemes, since cluster heads (aggregators) can directly aggregate the ciphertexts without decryption, and consequently transmission overhead is reduced. The base station only retrieves the aggregated result, not individual data, which causes two problems. First, the usage of aggregation functions is constrained. For example,


the base station cannot retrieve the maximum value of all sensing data if the aggregated result is the summation of the sensing data. Second, the base station cannot confirm data integrity and authenticity by attaching message digests or signatures to each sensing sample. These two drawbacks can be overcome by recovering all sensing data even after the data has been aggregated. This property is called "recoverable."

A well-known approach named Concealed Data Aggregation (CDA) has been proposed based on these two ideas. CDA provides both end-to-end encryption and in-network processing in WSNs. Since CDA applies privacy homomorphism (PH) encryption with additive homomorphism, cluster heads are capable of executing addition operations on encrypted numeric data. Later, several PH-based data aggregation schemes were proposed to achieve higher security levels. In these PH-based schemes the base station receives only the aggregated results, which brings two problems. First, the usage of aggregation functions is constrained. For example, these schemes only allow cluster heads to perform additive operations on the ciphertexts sent by sensors; therefore, they are ineffective if the base station wants to query the maximum value of all sensing data. Second, the base station cannot verify the integrity and authenticity of each sensing datum. These problems would seem to be solved if the base station could receive all sensing data rather than aggregated results, but this is in direct contradiction to the concept of data aggregation, namely that the base station obtains only aggregated results. This design is an approach that allows the base station to receive all sensing data but still reduces the transmission overhead.

In RCDA [1], a base station can recover each sensing datum generated by all sensors even if these data have been aggregated by cluster heads (aggregators). With these individual data, two functionalities are provided. First, the base station can verify the integrity and authenticity of all sensing data. Second, the base station can perform any aggregation function on them. Two RCDA schemes, named RCDA-HOMO and RCDA-HETE, are defined for homogeneous and heterogeneous WSNs respectively. Two signature schemes such as Mykletun et al.'s and Boneh et al.'s scheme were followed by six steps namely [1]: 1. key generation (KeyGen), 2. signing (Sign), 3. verifying 4. (Verify), 5. aggregation (Agg), and 6. verifying aggregated signature (AggVerify).

Drawbacks
1. Use of aggregation function is constrained.


2.3. Efficient Aggregation of Encrypted Data

In efficient data aggregation [2], each sensor device's data transmission is an energy-consuming task, so to increase the lifetime of a WSN it is essential to minimize the number of bits sent by each device. One well-known approach is to aggregate sensor data (e.g., by adding) along the path from the sensors to the sink. Aggregation becomes especially challenging if end-to-end privacy between the sensors and the sink is required. The scheme is a simple and provably secure additively homomorphic stream cipher that allows efficient aggregation of encrypted data. The new cipher only uses modular additions (with very small moduli) and is therefore very well suited for CPU-constrained devices. Aggregation based on this cipher can be used to efficiently compute statistical values such as the mean, variance and standard deviation of sensed data, while achieving significant bandwidth gain.

A homomorphic encryption scheme allows arithmetic operations to be performed on ciphertexts. One example is a multiplicatively homomorphic scheme, whereby the multiplication of two ciphertexts followed by a decryption operation yields the same result as the multiplication of the two corresponding plaintext values. Homomorphic encryption schemes are especially useful in scenarios where someone who does not have the decryption keys needs to perform arithmetic operations on a set of ciphertexts. A more formal description of homomorphic encryption schemes is as follows. Let
Enc() - probabilistic encryption scheme
M - message space
C - ciphertext space
such that M is a group under operation XOR and C is a group under operation MUL.

Enc() is a (XOR, MUL)-homomorphic encryption scheme if, for any instance Enc() of the encryption scheme, given c1 = Enc_k1(m1) and c2 = Enc_k2(m2), there exists a key k such that
c1 MUL c2 = Enc_k(m1 XOR m2)
In other words, the result of applying the function XOR to plaintext values may be obtained by decrypting the result of MUL applied to the corresponding encrypted values. A good example is the RSA cryptosystem, which is multiplicatively homomorphic. The proposed scheme is an additively homomorphic encryption technique. The scheme is given below.

Additively Homomorphic Encryption Scheme

Encryption
1. Represent message m as an integer m ∈ [0, M − 1], where M is a large integer.
2. Let k be a randomly generated key stream, where k ∈ [0, M − 1].
3. Compute c = Enc(m, k, M) = m + k (mod M).

Decryption
1. Dec(c, k, M) = c − k (mod M).

Addition of ciphertexts
1. Let c1 = Enc(m1, k1, M) and c2 = Enc(m2, k2, M).
2. For k = k1 + k2, Dec(c1 + c2, k, M) = m1 + m2.

Assume that 0 ≤ m < M. Due to the commutative property of addition, the above scheme is additively homomorphic. In fact, if c1 = Enc(m1, k1, M) and c2 = Enc(m2, k2, M), then c1 + c2 = Enc(m1 + m2, k1 + k2, M). Note that if n different ciphers ci are added, then M must be larger than ∑ mi, otherwise correctness is not provided. In fact, if ∑ mi is larger than M, decryption will result in a value m' that is smaller than M.

The key stream k can be generated by using a stream cipher, such as RC4, keyed with a node's secret key si and a unique message id. This secret key is pre-computed and shared between the node and the sink, while the message id can either be included in the query from the sink or derived from the time period in which the node is sending its values (assuming some form of synchronization).

Drawbacks
1. Hop by hop encryption
2. Uses Non Aggregation type of methodology
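The following is an added example, not code from the surveyed paper [2] or from this survey, that runs the additively homomorphic scheme of Section 2.3 end to end: nodes encrypt, an aggregator adds ciphertexts without any key, and the sink removes the summed key streams. HMAC-SHA256 is used as a stand-in for the RC4 key stream the text mentions, and the readings, node secrets, message id and function names are constructed for illustration.

```python
import hashlib
import hmac

def keystream(secret: bytes, msg_id: bytes, M: int) -> int:
    """Per-message key k in [0, M-1] from a node secret and a unique message id.
    Assumption: HMAC-SHA256 replaces the RC4 key stream named in the text."""
    digest = hmac.new(secret, msg_id, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % M

def enc(m: int, k: int, M: int) -> int:
    """c = Enc(m, k, M) = m + k (mod M)."""
    if not 0 <= m < M:
        raise ValueError("message must satisfy 0 <= m < M")
    return (m + k) % M

def dec(c: int, k: int, M: int) -> int:
    """Dec(c, k, M) = c - k (mod M)."""
    return (c - k) % M

def aggregate(ciphertexts, M: int) -> int:
    """Aggregator step: add ciphertexts modulo M; no key material is needed."""
    return sum(ciphertexts) % M

def sink_sum(readings, secrets, msg_id: bytes, M: int) -> int:
    """One round: nodes encrypt, the aggregator adds, the sink subtracts k1+...+kn."""
    cts = [enc(m, keystream(s, msg_id, M), M) for m, s in zip(readings, secrets)]
    agg = aggregate(cts, M)
    k = sum(keystream(s, msg_id, M) for s in secrets) % M
    return dec(agg, k, M)

def sink_mean_variance(readings, secrets, msg_id: bytes, M: int):
    """Mean and variance from two encrypted aggregates: sum of x and sum of x^2.
    Each aggregate uses its own message id so no key stream value is reused."""
    n = len(readings)
    s1 = sink_sum(readings, secrets, msg_id + b"|x", M)
    s2 = sink_sum([x * x for x in readings], secrets, msg_id + b"|x2", M)
    mean = s1 / n
    return mean, s2 / n - mean * mean

# Constructed sample data: four node readings and their pre-shared secrets.
READINGS = [21, 23, 19, 40]
SECRETS = [b"node-1-secret", b"node-2-secret", b"node-3-secret", b"node-4-secret"]

if __name__ == "__main__":
    print("sum, M = 2**16:", sink_sum(READINGS, SECRETS, b"round-7", 2**16))
    # Failure mode from the text: the true sum (103) exceeds M, so the sink
    # recovers 103 mod 100 and has no way to notice the wrap-around.
    print("sum, M = 100:  ", sink_sum(READINGS, SECRETS, b"round-7", 100))
    print("mean, variance:", sink_mean_variance(READINGS, SECRETS, b"round-7", 2**16))
```

The second call shows why M has to be sized for the largest possible aggregate (here including the sum of squares), not for a single reading.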

2.4. Secure Hierarchical Data Aggregation

Traditional end-to-end security [4] is not suitable for use with in-network aggregation. A corrupted sensor has access to the data and can falsify results. Additively homomorphic encryption allows encrypted values to be aggregated, with the same result as when the unencrypted data is aggregated. Using public key cryptography, digital signatures can be used to achieve integrity. Homomorphic encryption and additive digital signatures are used together to achieve confidentiality, integrity and availability for in-network aggregation in wireless sensor networks. Homomorphic encryption does not provide integrity. Public-key elliptic curve cryptography is used for digital signatures to provide integrity. Digital signature schemes are not homomorphic; hence two signatures generated on two different messages cannot be combined to verify the sum of the messages. Elliptic curve digital signatures are used to provide message integrity and integrity of the aggregate in addition to data confidentiality. Elliptic curve cryptography uses curves whose variables and coefficients are finite.

Each node generates a reading. The reading is signed with the aggregate signature protocol using the node's private key; this is shown as Sig(x). Each node homomorphically encrypts the reading with the base station's public key; this is shown as Enc(x). The node sends the secured reading, the signature and its public key to its parent. After receiving messages from all its children, the parent combines the messages into one. The parent sums the secured readings, the signatures and the public keys. If the parent also contributes a reading, that reading is treated like any other reading. Examples are SUM−ENC, SUM−SIG and SUM−KEY. This process is repeated by each parent along the path to the base station.

The base station decrypts the received message. The sum of the readings was homomorphically encrypted with the base station's public key. This allows the base station to decrypt the. Only the base station, which is in possession of the matching private key, is able to decrypt the readings, for example Dec(Enc(x)). Each node signed its messages, and these signatures were combined along the way. The base station can now verify the sum of the signatures given the sum of the public keys. The aggregate signature protocol ensures that only readings from legitimate sensors are included in the aggregate.

Two types of data confidentiality are necessary in WSNs: generic confidentiality and end-to-end confidentiality. Generic confidentiality means that any node not participating in the aggregation mechanism is not able to access the data. End-to-end confidentiality means that any node participating in the aggregation mechanism is unable to access the already aggregated data. The protocol mentioned above provides security for both types of confidentiality using symmetric key cryptography and multiple homomorphic encryptions.

Drawbacks
1. A corrupted sensor can have access to the data.

2.5. An Energy-Aware Spanning Tree Algorithm for Data Aggregation

E-Span is an energy-aware spanning tree algorithm. It is a distributed protocol that enables the sources within an event region to perform data aggregation. In E-Span, the source node that has the highest residual energy is chosen as the root. The other source nodes choose their parent node among their neighbors based on residual energy and distance to the root. E-Span builds a graph that covers all the nodes as vertices and contains no cycles. All other nodes are still connected to the selected root via the shortest-path route. Since the root is also responsible for coordinating the routes with distant sinks, the node with the highest energy level is chosen as the root. Every other node may select as its parent the highest-energy neighbor from which the shortest-path message comes.

Using the same set of nodes as an example, the tree now has node 8 chosen as the root, and all other nodes still talk to node 8 via the shortest-path route (see Figure 2.2). Node 6, which has two shortest-path neighbors, nodes 2 and 4, attaches itself to the higher-energy one (i.e. node 2). This allows a node that has more available resources to be selected as a parent node. The E-Span protocol is shown in Figure 2.3.

The configuration message now involves 3 additional parameters: the residual energy of the node that sends the message, that of the node's chosen root, and the node's chosen parent.

Fig.1. Connectivity diagram

Fig.2. E-Span configurations


Fig.2. PPP Architecture

Lines 1 to 3 begin the message exchanges and restrict these exchanges to be within the event area [5]. Lines 4 to 7 allow a root to periodically generate a message every T seconds and reset a node that loses connection with its parent. Lines 8 to 11 update the list of child nodes for the receiving node. Lines 12 to 16 update the message when a node receives an energy update from its parent, or when it detects a better shortest-path neighbor or a higher-energy root. Lines 14 and 15 compare the receiving node with the root. Line 16 broadcasts the message if there is a change.

Define:
rn to be the ID of the root selected by node n.
dn to be the shortest-path distance from rn to node n.
gn = (n, rn, dn) to be the message sent by node n.
pn to be the ID of the parent selected by node n.
trecv,n to be the time node n received the message from its parent.

Initialize:
gn to (n, n, 0) for all n ∈ N
pn to n for all n ∈ N
trecv,n to 0 for all n ∈ N

GetSpan (node ID n, time t, timeframe T)
1  if n is not an event source,
2      return
3  else {single-hop broadcast gn and start a timer P that expires every T sec
4  while true,
5      if timer P expires and (rn = n or t > trecv,n + T),
6          set gn to (n, n, 0)
7          set pn to n
8          set trecv,n to t
9          single-hop broadcast gn
10     if receiving a message gi from node i,
11         if ri < rn, or (ri = rn and di+1 < dn), or (ri = rn, di+1 = dn, and i <= pn),
12             set gn to (n, ri, di+1)
13             set pn to i
14             set trecv,n to t
15             single-hop broadcast gn and restart timer P

Single-hop broadcast corresponds to sending a packet to all single-hop neighbors. The proposed E-Span has the same objective: to construct a data aggregation tree and select a dedicated root at which data is gathered. E-Span, EDAT and HEED consider the residual energy, thereby enhancing the chance of distributing the load over higher-energy nodes.
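The following is an added simulation, not code from the E-Span paper or from this survey, of the energy-aware selection that the prose of Section 2.5 describes: the printed GetSpan listing compares node IDs, while here the root and parent comparisons use residual energy. The synchronous rounds, the tie-break by lower ID, the omission of timers, and the eight-node topology and energy values are assumptions constructed for illustration.

```python
def espan_converge(adj, energy):
    """Repeat single-hop broadcasts until no node changes (root, dist, parent).

    adj:    node ID -> list of single-hop neighbours (all are event sources)
    energy: node ID -> residual energy; in the protocol the sender's and the
            root's energy travel in the configuration message, here they are
            looked up in this table.
    """
    def rank(node):
        # Higher residual energy wins; lower ID breaks ties (assumption).
        return (energy[node], -node)

    root = {n: n for n in adj}      # r_n, initialised to n
    dist = {n: 0 for n in adj}      # d_n, initialised to 0
    parent = {n: n for n in adj}    # p_n, initialised to n
    changed = True
    while changed:
        changed = False
        # g_i = (i, r_i, d_i) as each node broadcasts it in this round.
        msgs = {i: (root[i], dist[i]) for i in adj}
        for n in adj:
            for i in adj[n]:
                r_i, d_i = msgs[i]
                same_root = r_i == root[n]
                if (rank(r_i) > rank(root[n])                  # higher-energy root
                        or (same_root and d_i + 1 < dist[n])   # shorter path
                        or (same_root and d_i + 1 == dist[n]
                            and rank(i) > rank(parent[n]))):   # stronger parent
                    root[n], dist[n], parent[n] = r_i, d_i + 1, i
                    changed = True
    return root, dist, parent

# Constructed topology: node 6 reaches node 8 in two hops via node 2 or node 4.
TOPOLOGY = {
    1: [2], 2: [8, 6, 1], 3: [7], 4: [8, 6, 5],
    5: [4], 6: [2, 4], 7: [8, 3], 8: [2, 4, 7],
}
# Constructed residual energies (joules): node 8 is highest, node 2 beats node 4.
ENERGY = {1: 4, 2: 8, 3: 6, 4: 3, 5: 9, 6: 7, 7: 8, 8: 10}

if __name__ == "__main__":
    root, dist, parent = espan_converge(TOPOLOGY, ENERGY)
    for n in sorted(TOPOLOGY):
        print(f"node {n}: root={root[n]} hops={dist[n]} parent={parent[n]}")
```

With these values every node converges on node 8 as root and node 6 attaches to node 2, matching the behaviour described in the text; raising node 4's energy above node 2's moves node 6 to node 4 without changing any hop count.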

CONCLUSION

This paper deals with the techniques used in secure data aggregation on encrypted data, which provide end-to-end security through data confidentiality and integrity. The above techniques are mainly concerned with secure data aggregation. Recoverable Concealed Data Aggregation for Data Integrity (RCDA) provides more security than other traditional data aggregation schemes. Some other security issues still need to be resolved.

REFERENCES

[1] Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, and Hung-Min Sun, "RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless Sensor Networks," IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 4, April 2012.
[2] Claude Castelluccia, Einar Mykletun, Gene Tsudik, "Efficient Aggregation of Encrypted Data in Wireless Sensor Networks," Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous'05), 2005.
[3] Julia Albath, Sanjay Madria, "Secure Hierarchical Data Aggregation in Wireless Sensor Networks," IEEE Communications Society subject matter experts for publication in the WCNC 2009 proceedings.
[4] Stavros Papadopoulos, Aggelos Kiayias, and Dimitris Papadias, "Exact In-Network Aggregation with Integrity and Confidentiality," IEEE Transactions on Knowledge and Data Engineering, vol. 24, no. 10, October 2012.
[5] Suat Ozdemir, "Concealed Data Aggregation in Heterogeneous Sensor Networks using Privacy Homomorphism," IEEE Conference on Computer Society, 2007.
[6] Marc Lee, Vincent W.S. Wong, "An Energy-Aware Spanning Tree Algorithm for Data Aggregation in Wireless Sensor Networks," IEEE Transactions on Knowledge and Data Engineering, 0-7803-9195-0/05/$20.00 ©2005 IEEE.
