Secure Data Aggregation Using Some Degree of ...

Secure Data Aggregation Using Some Degree of Persistent Authentication in Sensor Networks

1

Secure Data Aggregation Using Some Degree of Persistent Authentication in Sensor Networks Amrita Ghosal 1 and Jyoti Prakash Singh2 1

Durgapur Institute of Advanced Technology and Management 2 Academy of Technology 1 2 E-mail: [email protected], [email protected]

ABSTRACT : Wireless sensor networks consist of a large number of sensor nodes and in this type of networks security of data as well as using minimum amount of energy are two very important issues which are being dealt with nowadays. In this paper, we have proposed a secure data aggregation tree (SAT) with persistent authentication that will help to detect and prevent the cheating activities of any node in the network. Keywords—Data Aggregation, Cheating Detection, Persistent Authentication.

INTRODUCTION

W

ireless sensor networks consist of hundreds to thousands of inexpensive wireless nodes, each having some degree of computational power and sensing capability, operating in an unattended mode [1]. They are intended for a broad range of environmental sensing applications from vehicle tracking to habitat monitoring. A sensor network consists of one or more “sinks” which are also known as base stations which subscribe to specific data streams by expressing interests or queries. The sensors in the network act as “sources” which detect environmental events and send relevant data to the appropriate subscriber sinks . Information aggregation is a common operation which is done in sensor networks Generally, information collected at the sensor nodes needs to be transmitted to a central base station for further processing, analysis, and visualization by the network users. Information aggregation refers to the computation of statistical means and moments, as well as other cumulative quantities that summarize the data obtained by the network. Such accumulation is important for data analysis and for obtaining a deeper understanding of the signal landscapes observed by the network [3]. In sensor networks, the communication cost is often much higher than the computation cost. To lessen the communication cost, in-network data aggregation is considered to be an effective technique. The inherent redundancy in raw data collected from the sensors can often be eliminated by in-network data aggregation. This operation is also useful for extracting application specific information from raw data [4]. The energy factor is also a major concern in a sensor network which can be reduced to a large extent by the use of in-network data processing. Data aggregation could be in the form of data compression or the calculation of some statistical values, such as the mean, max, or min depending on the application. Data aggregation reduces the amount of data

transmitted to the base station [2]. As some raw data items may be invisible to the base station and thus their authenticity and integrity are hard to guarantee. So, data aggregation is potentially vulnerable to attackers who may inject bogus information or forge aggregation values without being detected. It may have a disastrous impact if end users respond according to the faulty information. Several methods have been proposed to solve the above problem. Existing methods depend on complex data authentication operations or the statistical features of specific aggregation operations. To guarantee correctness, persistent authentication operations are used in most existing methods. Persistent authentication mechanisms are very safe to be used in sensor networks. In this paper, we have tried to solve the above problem by building a secure aggregation tree (SAT) having the features of persistent authentication. Firstly, the structure of the secure aggregation tree (SAT) has been described. Secondly, when the aggregation values obtained from an aggregation node are in doubt, a weighted voting scheme is proposed to confirm whether the aggregation node is properly behaving or cheating.

CONSTRUCTING A SECURE AGGREGATION TREE (SAT) Structure of SAT The structure of the aggregation tree is such that any child node can monitor the behavior of its father node and the cheating activities of any non-leaf (aggregation) nodes can therefore be detected. A father node together with its child nodes should form a clique. Thereby a child node will be allowed to monitor its father node’s behavior, and so the child node should also be able to know all the messages that are sent from its sibling nodes to the father node.

184

A Distributed Algorithm to Build SAT A distributed algorithm proposed earlier which was used to build SAT had the assumption that each node knows its one-hop and two-hop neighbors [2]. The one-hop neighbors can be easily found with beacon messages, and the information of two-hop neighbors can be found with one local broadcast from each sensor node, indicating who its one-hop neighbors are. The distributed algorithm builds the aggregation tree starting from the sink node and includes four steps as follows: Step 1: The sink node locally broadcasts an invitation message to all of its one-hop neighbors, indicating that they should be its children. The invitation message contains the IDs of all nodes that a father node wants to invite to join the aggregation tree as its children. It should also include the hop count value to make a node aware of its minimal hop count to the sink node. The hop count value in the invitation message from the sink node is set to zero. Step 2: Once a node receives an invitation message, if this node has not joined the aggregation tree and the invitation message includes this node as a child node, then this node joins the aggregation tree and records the sender of the invitation message as its father node. It locally broadcasts a join message to notify all its neighbors about this decision. This invitation message is also called activating invitation message since it requires the node to join the aggregation tree. Once a node joins the tree, later received invitation messages will be recorded for future use if the hop count value in the invitation messages is smaller than the node’s current hop count value. Another rule is applied which states that if a node receives an invitation message but the hop count value included in the message is 2 hops larger than its current hop count value, then this invitation message is ignored. Step 3: After a node joins the aggregation tree, by verifying its one-hop and two-hop neighbors, excluding those sibling nodes indicated in the activating invitation message, it can identify all the cliques that it belongs to. If such cliques cannot be found, then this node works as a leaf node. Otherwise, it selects the maximal clique and locally broadcasts an invitation message with the hop count value increased by one, indicating that all other nodes in the selected clique should be its children. Step 4: Step 2 and step 3 are repeated until all non-isolated nodes have joined the tree. If a node is disconnected from the sink node, it will not receive any invitation message and will not join the tree. In this case, the node is an isolated node and cannot be used by any means. Due to the topological constraint that an aggregation node together with its children should form a clique, it is possible that some nodes may not join the aggregation tree even if they have paths to the sink node [2]. Such nodes are called sparse nodes since they have only sparse set of neighboring nodes. But generally it is found that the ratio of the number of sparse nodes over

Mobile and Pervasive Computing (CoMPC–2008) the total number of sensor nodes is extremely small if the network density is reasonably high. Therefore it is required that the sparse nodes should send their messages to the sink node without performing any in-network processing. It is possible that in Step 2 and Step 3 local broadcast messages may collide and the correct information may not be received by receivers. Fortunately, this problem can be easily avoided in our tree buildup process, since the order of the broadcast messages from the children nodes can be scheduled by the father node [2]. For instance, when a father node makes the selection of its children, it can arrange an arbitrary order for the children nodes’ broadcasts and piggyback this information in the invitation message. Each child node is permitted to broadcast only in its allocated timeslot. Furthermore, to reduce broadcast overhead, a node may combine the join message and the invitation message into one single broadcast. The figure given below indicates all the steps required for building up of the secure aggregation tree (SAT).

CHEATING DETECTION FOR DATA AGGREGATION Here the cheating detection is done in a very similar way to that of watchdog mechanism where each node works in the listening mode to monitor all transmissions within its maximal radio range [5]. Every node, after sending a packet to its next hop node, listens to the channel to check if its next hop node relays the p acket correctly [2]. Similarly, in case of SAT method also each node can overhear all messages sent to its father node and can monitor the message sent from its father node to its grandfather node to check if the father node performs data aggregation correctly. If a node’s father node sends out a value that is significantly different from a correct aggregation value, the node will raise an alert. So, if a sensor node can overhear all messages sent to its father and track the values that have been aggregated, the cheating mechanism can be minimized [2]. In practice, however, it is possible that some messages to the father node are lost or the father node may not use exactly the same set of values for aggregation due to time asynchrony. In both cases, cheating detection with SAT may generate false alarms. The false alarm rate is obviously dependant on the specific application context and the criterion of raising alerts. A weighted voting method where persistent authentication has been applied has been proposed in the next section.

WEIGHTED VOTING METHOD Here, if a sensor node detects that its father node might be cheating, it sends out an alert message to all its neighbors except the father node [2]. The alert message contains the cheating node’s ID, the detect ing node’s and the confidence value of the alert. The confidence values from all the nodes

Secure Data Aggregation Using Some Degree of Persistent Authentication in Sensor Networks

185

Fig: Illustration of the process of building up of SAT

are recorded. Then the weighted confidence value is calculated using the formula:

F=

∑

m1 i =1

fi

m

Where M —Total no. of sibling nodes in the clique. m 1—Total no. of sibling nodes that send out an alert message. But this above step is carried out only once. It may so happen that a particular node is sending alert messages with confidence values sent by other nodes sending alert messages. If this difference is always found to be different from the confidence values calculated by other nodes, then that particular node can be considered to be a cheating node and not the father node. So the weighted voting method should be applied at least 4–5 times. This would prevent

nodes from sending out fake messages containing false confidence values. We can model the problem in this way. Suppose the child nodes are indicated by C1, C2, ………………..C m, i.e. there are ‘m’ child nodes and let us suppose that each child node is sending ‘n’ no. of data packets to its father node. Then the ‘n’ no. of data packets from each child node will also be sent to all its sibling nodes. Suppose nodes F, C1, C2, C3, C 4 form a clique where F- is the father node and C1 ….C4 are the child nodes of F. Suppose node C1 has sent ‘n’ no. of packets to the father node F. Then nodes C2, C3, C4 will also receive ‘n’ no. of packets from C 1. Then C2, C3, C4 and F will calculate the aggregate values of the ‘n’ packets sent by C 1. After that the difference between the aggregated value of the father node and that of each node C2, C3, and C4 is calculated. If all the differences are found to be almost equal to each other, then none of the nodes are cheating. But if a particular difference is to be not matching

186 with the differences of the other 2 child nodes, then that particular child node might be cheating. If at every step the difference of the aggregated value of that particular child node is found to be a mismatch with the difference of the aggregated values of other child nodes, then it can be confirmed that, that particular child node is cheating.

RELATED WORKS In previous works, the concept of data aggregation uses the data centric protocol (DC) approach with the assumption that the number of transmissions from any node in the data aggregation tree will be exactly one, which is not possible in real systems. Sparse data aggregation uses the fact that there may be many unknown sinks to who m the data aggregation result [1] has to be sent and this may pose a serious security threat. Another approach uses Forward Authentication Protocol [3] where keys are exchanged between nodes for security reasons but this idea adds extra overhead for the sensor network. But this concept of using keys would not be required for secure aggregation tree mechanism for data aggregation.

Mobile and Pervasive Computing (CoMPC–2008)

REFERENCES [1] Sparse Data Aggregation in Sensor Networks- Jie Gao, Computer Science Department,[email protected] Leonidas Guibas Nikola Milosavljevic Computer Science Department Stanford University, Stanford, CA 94305 [email protected] [email protected] John Hershberger Mentor Graphics 8005 S.W. Boeckman Wilsonville, [email protected]. [2] Secure data aggregation without persistent cryptographic operations in wireless sensor networks—Kui Wu a, Dennis Dreef, Bo Sun, Yang Xiao. [3] SIA: Secure Information Aggregatio n in Sensor NetworksBartosz Przydatek Carnegie Mellon University Pittsburgh, PA 15213, USA [email protected] Dawn Song Carnegie Mellon University Pittsburgh, PA 15213, USA dawnsong@ cmu.edu Adrian Perrig Carnegie Mellon University Pittsburgh, PA 15213, USA [email protected] [4] Security Solutions for Wireless Sensor Networks (September 2006) Frederik Armknecht, Alban Hessler, Joao Girao, Amardeo Sarma and DirkWesthoff, on the behalf of the UbiSec&Sens consortium .

CONCLUSION

[5] Marti, S., Giuli, T.J., Lai, K. and Baker, M., Mitigating routing misbehavior in mobile ad hoc networks, in mobile computing and networking, 2000, pp. 255–65.

In this paper, we have proposed the idea of weighted voting with persistent authentication. This will help in reducing the bogus information sent by other nodes and so will help to detect which nodes are cheating nodes in that particular network. We are also in the process of simulating this method of weighted voting with persistent authentication.

[6] The Impact of Data Aggregation in Wireless Sensor Networks Bhaskar Krishnamachari Cornell University ECE [email protected] Deborah Estrin UCLACS destrin@ lecs.cs.ucla.edu Stephen Wicker Cornell University ECE [email protected].