Confidential Aggregation for Wireless Transmissions
Soonhwa Sung
Dept. of Computer Science and Engineering, College of Engineering, Chungnam National University, Yuseong-gu, Daejeon, 305-764, South Korea.
[email protected]
Abstract— A wireless sensor network should be able to perform secure data aggregation within a cluster. The previous scheme offered no efficient aggregation of encrypted data in a multi-layer cluster environment. More specifically, it does not support a multi-layer cluster environment because the aggregator is assumed to be one hop from the base station, and it pre-installs keys for verification and data aggregation in the Cluster Head before deployment, which limits the flexibility of system deployment and aggregation. It also lacks the dynamic key management that would make data aggregation more flexible. This paper therefore proposes data confidentiality for wireless sensor transmission using three layers: a public layer, a Sensor Key Translation layer, and a confidential layer, which together address these problems. The paper extends privacy homomorphism functions to support dynamic data aggregation, and the three layers allow sensors to move to another cluster.
Keywords—confidential aggregation; homomorphic encryption; three-layer cluster interaction; Cluster Head (CH); symmetric homomorphic scheme
I.
INTRODUCTION
Security in wireless sensor networks is a popular research topic, and many advances have been reported in recent years. Most prior work has focused on ultra-efficient key management, authentication, routing and DoS (Denial of Service) resistance [1,2,3,4]. The aggregation of wireless transmissions becomes problematic if end-to-end privacy between sensors and the sink is required. If all sensors are assumed to be trusted, they could encrypt data on a hop-by-hop basis. For an intermediate sensor that receives and forwards data, this would entail sharing a key with each neighboring sensor, decrypting the encrypted value received from each downstream neighbor, aggregating all received values, and encrypting the result for transmission. Though viable, this approach is fairly expensive and complicated: each received value has to be decrypted before aggregation, and key management imposes its own overhead. Besides, hop-by-hop encryption assumes that all sensors are trusted with the authenticity and privacy of other sensors' data. This assumption may be altogether unrealistic in some settings, whereas in others trust can be partial, i.e., intermediate nodes are trusted with only authenticity or only privacy. Alternatively, if a single global key were used by all sensors, an adversary who subverts a single sensor node could learn the measured values of any and all nodes in the network. Since only the sink should gain an overview of the wireless sensor network measurements, this approach is not attractive [5].
Three types of nodes are involved: the Base Station (BS, also called the sink or Query Server), intermediate nodes (aggregators or CHs) and leaf nodes (normal sensor nodes). The BS is the node where the aggregation results are destined; it processes the data received from the sensor network and derives meaningful information reflecting the events in the target field. An intermediate node performs sensing and aggregation and forwards data from the leaf nodes to an upper aggregator or the sink. A normal sensor node senses, aggregates and forwards data. The data collected from the sensor nodes is correlated in time and space, and partially processed data is transmitted to the sink node, which requires data aggregation: the process of gathering data from the sensor nodes and combining it with aggregation functions such as MAX, MIN, SUM, AVERAGE, HISTOGRAM, etc. When the whole network is divided into groups known as clusters, data aggregation is performed by the Cluster Head (CH). Data aggregation avoids redundant data and limits the number of transmissions, minimizing communication overhead and extending network lifetime. Protecting the privacy of data collected from the sensor nodes is a challenge in data aggregation. Data privacy can be defined as the setting in which adversaries may overhear and even decrypt the data, yet a mechanism still prevents them from obtaining the private information [6]. Several studies [7] attempt to provide confidentiality; that is, an aggregator can openly execute addition operations on encrypted binary data. Concealed Data Aggregation (CDA) concentrates on passive attacks; specifically, it considers adversaries who can eavesdrop on communications over the air.
After CDA, succeeding research was proposed to achieve higher security levels. If sensors within the same cluster encrypt their sensing data with a common secret key, an adversary may decrypt the aggregated cipher text by compromising only one sensor. [8] proposed a data aggregation scheme based on additively homomorphic public-key encryption. It appears more secure, since every sensor stores only a public key, and the adversary cannot mount the same attack by compromising only one
978-1-4799-3689-2/14/$31.00 ©2014 IEEE
390
1
ICOIN 2014
sensor. The adversary can still impersonate other legal sensors and send forged cipher texts to the CH under the same public key, so the authenticity of the data is not established. To achieve privacy, the transmission trend of a node's secret data must be protected from its neighbors, because the neighbors know the aggregated sum and the encryption key. Protecting confidential aggregation is therefore a challenging task. The rest of the paper is organized as follows. Section 2 surveys the related works, Section 3 formulates the targeted problems, Section 4 describes the proposed three-layer cluster interaction, Section 5 gives the analysis, and Section 6 concludes the paper.
II.
THE RELATED WORKS
Data may traverse several organizational, security or information domains in order to be processed and the results delivered. This calls for proper technical and organizational design approaches, which include means for secure data exchange. Various aspects of secure information exchange are already being addressed by many researchers. LEAP [9] is a key management protocol that allows in-network aggregation while restricting the impact of any malicious nodes to their network neighborhood. [10] satisfies confidentiality via a homomorphic encryption scheme. However, every source shares a common key, which means that the system security collapses when a single source is compromised. This problem is fixed in [11], which uses another efficient additively homomorphic scheme and a different key for every source. Finally, the SUM approaches described in [12], [13] protect individual readings but disclose partial sums and the final result, thus providing a low level of confidentiality. There is a considerable number of methods [14,15,16,17,18,19,20,21] that return approximate results securely while tolerating malicious activity and preventing DoS attacks. Although secure approximate in-network aggregation is a very interesting and challenging domain, it is not addressed in this paper. Instead, this paper proposes a symmetric homomorphic scheme that aggregates layered wireless transmissions for data confidentiality. Homomorphic encryption enables the aggregators to perform aggregation of wireless transmissions directly on cipher texts through its additive property, thus achieving data confidentiality.
III.
PROBLEM STATEMENT AND OBJECTIVES
A. CH to aggregate sensors
Shih-I Hung et al. [22] proposed secure encrypted-data aggregation for wireless sensor networks. Though it supports secrecy and privacy, the scheme provides only an equality check. More general mathematical operations, such as addition, subtraction, and so on, should be further investigated under the same condition: the encryption keys are always changing and the CH (Cluster Head) cannot decrypt the data passing through it. Besides these mathematical operations, operations on strings, such as finding a substring, should also be provided. The scheme works in a one-layer clustered network environment, i.e., the aggregator is one hop from the base station. In real deployments this is usually not the case, so the scheme needs to be extended to a multi-layer cluster environment. Another problem is that the sensors are fixed to a cluster and cannot be moved to another cluster. For key management, the scheme pre-installs keys for verification and data aggregation in the CH before deployment, which limits the flexibility of system deployment and aggregation. The key management should be modified so that these keys are not stored in the aggregator but are exchanged and retrieved when necessary. Thus, this paper proposes to extend privacy homomorphism functions to support dynamic key management and bring more flexibility to data aggregation. ESPDA [23] overcomes the problem in the existing scheme by performing aggregation on encrypted data, based on the privacy homomorphic property of the encryption algorithm; however, there is a chance of old information being replayed into the network. The ESPDA protocol prevents the replay attack by achieving data freshness during aggregation; it increases the accuracy of the aggregated result by performing the aggregation on encrypted data with a reduced number of transmissions. However, the ESPDA scheme [23] causes extra communication overhead because the BS securely recovers all sensing data rather than aggregated results.
IV.
THREE-LAYER CLUSTER INTERACTION
The entire wireless sensor network is organized as the three-layer network of Fig. 2, which gives sensors the flexibility to move to another cluster. The three layers, the public (first) layer, the Sensor Key Translation (SKT, second) layer, and the confidential (final) layer, are dynamically moved within a cluster. When a CH moves out of the cluster, the CH position is self-organized; that is, the newly generated cluster, which includes the bolted CH, has only one CH. The three-layer scheme uses a symmetric homomorphic encryption algorithm to provide higher security strength for aggregation. The algorithm is complex, but fast because the encryption is symmetric. To manage that complexity, the three layers provide the flexibility of system deployment and aggregation: keys are exchanged and retrieved when necessary.
In Fig. 1, the network is divided into clusters. Each cluster has a CH (or aggregator) with a more powerful wireless transceiver that can transmit data directly to the remote server. Each sensor transmits data only to its CH, which reduces the overhead of forwarding data packets. One CH iteratively transmits the necessary information to another CH even though the sensors in a cluster actively move.
Fig. 1 CH flow
B. Public Layer
The first layer network consists of general nodes, each holding a public key for cognitive sensors. Each node is assigned a public key by a routing project and can be an aggregation member. An aggregation member is ready to send to the CH, and the CH operates from Cluster i-1 to Cluster i for aggregation; keys are exchanged and retrieved when necessary, as in Fig. 1.
C. SKT (Sensor Key Translation) Layer
After arriving at the CH, each sensor node customizes its data into a complex number by combining the sensitive data with a private real number and adjoining an imaginary number to it. The private real and imaginary numbers are stored in the sensor node's memory and at the sink node. The second layer network has SKT, which translates a public key into a private key. Since a homomorphic encryption scheme does not need decryption keys, the translation supports the homomorphic encryption scheme in the confidential layer. SKT makes it possible to apply a homomorphic encryption scheme where someone who does not have the decryption keys needs to perform arithmetic operations on a set of cipher texts.
D. Confidential Layer
The final layer, the confidential layer, performs encrypted-data aggregation without pre-installing keys for verification. The layer uses the additive property of complex numbers to check confidentiality in data aggregation. Of the two parts of a complex number, the real part is used for a public key and the imaginary part is used for a private key. Every node shares two keys: one is shared with the BS and the other with the sensor nodes under its CH. After receiving a query from the BS, each node customizes its data into a complex number by combining the sensitive data with a private real number and adjoining an imaginary number to it. The private real and imaginary numbers are stored in the sensor node's memory and at the sink node. Each node encrypts the customized data and sends it to its CH using the key shared between them. After receiving the customized values, the CH forwards them to another CH and waits for some time to ensure that all information has been received. Once the customized data has been aggregated using the additive property of complex numbers, it is sent to the BS after symmetric homomorphic encryption. After receiving all the aggregated results from the CHs, the BS sums the aggregated data. To obtain the actual data and check confidentiality, the BS first separates the real and imaginary parts of the sum. Subtracting the sum of the private real seeds from the real part of the aggregate gives the actual sum. To check confidentiality, the imaginary part of the sum is compared with the sum of the imaginary seeds of all sensor nodes. The homomorphic encryption scheme enables the CH to perform aggregation directly on cipher texts through its additive property, thus achieving data confidentiality.
Symmetric homomorphic encryption scheme
A homomorphic encryption is a special class of encryption function that allows encrypted data to be operated on directly without requiring any knowledge of the decryption function. Suppose E_K(·) is an encryption function with key K and D_K(·) is the corresponding decryption function; then E_K(·) is homomorphic with respect to the operator ◦ if there is an efficient algorithm Alg such that Alg(E_K(x), E_K(y)) = E_K(x ◦ y). Given E_K(x) and E_K(y), there exists a computationally efficient Add algorithm such that E_K(x + y) = Add(E_K(x), E_K(y)). This implies that E_K(x + y) can be found easily from E_K(x) and E_K(y) without knowing the values of x and y [24]. A homomorphic encryption scheme allows arithmetic operations to be performed on cipher texts. One example is a multiplicatively homomorphic scheme such as the RSA algorithm, whereby the multiplication of two cipher texts followed by a decryption operation yields the same result as the multiplication of the two corresponding plain-text values. Although RSA gives a good demonstration of privacy homomorphism, it cannot support addition, which is the most frequently used operation in applications. A practical homomorphic encryption scheme needs to support two basic types of encrypted data processing, namely addition and scalar multiplication. Homomorphic encryption schemes are especially useful in scenarios where someone who does not have the decryption keys needs to perform arithmetic operations on a set of cipher texts [5].
Let p be a prime, mi