37th Annual IEEE Conference on Local Computer Networks (2012)
Clearwater Beach, FL, USA
Oct. 22, 2012 to Oct. 25, 2012
Sunoh Choi, Department of Computer Science, Purdue University, West Lafayette, IN, USA
Gabriel Ghinita, Department of Computer Science, University of Massachusetts, Boston, USA
Elisa Bertino, Department of Computer Science, Purdue University, West Lafayette, IN, USA
In-network aggregation is an essential operation which reduces communication overhead and power consumption of resource-constrained sensor network nodes. Sensor nodes are typically organized into an aggregation tree, whereby aggregator nodes collect data from multiple data source nodes, and perform a reduction operation such as sum, average, minimum, etc. The result is then forwarded to other aggregators higher in the hierarchy toward a base station (or sink node) that receives the final outcome of the in-network computation. However, despite its performance benefits, aggregation introduces several difficult security challenges with respect to data confidentiality, integrity and authenticity. In today's outsource-centric computing environments, the aggregation task may be delegated to a third party that is not fully trusted. In addition, even in the absence of outsourcing, nodes may be compromised by a malicious adversary with the purpose of altering aggregation results. To defend against such threats, several mechanisms have been proposed, most of which devise aggregation schemes that rely on cryptography to detect that an attack has occurred. Although they prevent the sink from accepting an incorrect result, such techniques are vulnerable to denial-of-service if a compromised node alters the aggregation result in each round. Several more recent approaches also identify the malicious nodes and exclude them from future computation rounds. However, these incur high communication overhead as they require flooding or other expensive communication models to connect individual nodes with the base station. We propose a flexible aggregation structure (FAS) and an advanced ring structure (ARS) topology that allow secure aggregation and efficient identification of malicious aggregator nodes for the SUM operation. 
Our scheme uses only symmetric key cryptography, outperforms existing solutions in terms of performance, and guarantees that the aggregate result is correct and that malicious nodes are identified.
Base stations, Protocols, Structural rings, Bismuth, Encryption, Radiation detectors, Sensor Networks, Security, Aggregation
S. Choi, G. Ghinita and E. Bertino, "Secure sensor network SUM aggregation with detection of malicious nodes," 37th Annual IEEE Conference on Local Computer Networks (LCN), Clearwater Beach, FL, USA, 2012, pp. 19-27.