RCDA
advertisement
RCDA: Recoverable Concealed Data
Aggregation for Data Integrity in
Wireless Sensor Networks
Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin,
Hung-Ming Sun
IEEE Transactions on Parallel and Distributed
Systems, Vol.23, No.4, April 2012
Presenter: 林顥桐
Date: 2012/11/19
1
Outline
•
•
•
•
•
•
Introduction
Encryption Scheme and Signature Scheme
RCDA Scheme for Homogeneous WSN
RCDA Scheme for Heterogeneous WSN
Implementation and Comparisons
Conclusion
2
Introduction
• The usage of aggregation functions is
constrained
• The base station cannot verify the integrity
and authenticity of each sensing data
3
Introduction
• RCDA
– The base station can verify the integrity and
authenticity of all sensing data
– The base station can perform any aggregation
functions on them
4
Encryption Scheme and Signature
Scheme
• Encryption Scheme
– Mykleton et al.’s Encryption Scheme
• Signature Scheme
– Boneh et al.’s Signature Scheme
5
Encryption Scheme and Signature
Scheme
• Mykleton et al.’s Encryption Scheme
– Proposed a concealed data aggregation scheme
based on the elliptic curve ELGamal(EC-EG)
cryptosystem
6
Encryption Scheme and Signature
Scheme
• Boneh et al.’s Signature Scheme
– Proposed an aggregate signature scheme which
merges a set of distinct signatures into one
aggregated signature
– Based on bilinear map
7
Outline
•
•
•
•
•
•
Introduction
Encryption Scheme and Signature Scheme
RCDA Scheme for Homogeneous WSN
RCDA Scheme for Heterogeneous WSN
Implementation and Comparisons
Conclusion
8
RCDA Scheme for Homogeneous WSN
9
RCDA Scheme for Homogeneous WSN
• Four procedures
– Setup
• Base Station(BS) generates the key pairs
– Encrypt-Sign
• Trigger while a sensor decides to send its sensing data to the
cluster head(CH)
– Aggregate
• Launched after the CH has gathered all ciphertext-signature
pairs
– Verify
• Receive the sum of ciphertext and signature from CH, BS can
recover and verify each sensing data
10
RCDA Scheme for Homogeneous WSN
• Setup
– (PSNi , RSNi ): For each sensor SNi, the BS
generates (PSNi,RSNi) by KeyGen Public key, where vi = xi*g
procedure(Boneh scheme) where PSNi = vi and
RSNi = xi Privacy key , randomly selected from Zp
– (PBS, RBS): These keys are generated by KeyGen
procedure(Mykletun scheme) where PBS ={Y, E, p,
G, n} and RBS = t
Y = t*G, E is an elliptic curve over a finite Fp, p is a prime number,
G is a generator on E, n is the order of E, t is a privacy key
randomly from Fp
11
RCDA Scheme for Homogeneous WSN
• Setup
– RSNi, PBS, H, are loaded to SNi for all i
– BS keeps all public keys PSNi and its own RBS in
privacy
12
RCDA Scheme for Homogeneous WSN
• Encrypt-Sign
Boneh’s signature
Mykleton’s Encrypt
13
RCDA Scheme for Homogeneous WSN
• Aggregate
14
RCDA Scheme for Homogeneous WSN
• Verify
– 1)
– 2)
– 3)
– 4)
?
15
Outline
•
•
•
•
•
•
Introduction
Encryption Scheme and Signature Scheme
RCDA Scheme for Homogeneous WSN
RCDA Scheme for Heterogeneous WSN
Implementation and Comparisons
Conclusion
16
RCDA Scheme for Heterogeneous WSN
17
RCDA Scheme for Heterogeneous WSN
• Five procedures
– Setup
• Necessary secrets are loaded to each H-Sensor and L-Sensor
– Intracluster Encrypt
• Involve when L-Sensor desire to send their sensing data to the
corresponding H-Sensor
– Intercluster Encrypt
• Each H-Sensor aggregates the received data and then encrypts and
signs the aggregated result
– Aggregate
• If an H-Sensor receives ciphertexts and signatures from other HSensor on its routing path, it activates the Aggregate procedure
– Verify
• Ensure the authenticity and integrity of each aggregated result
18
RCDA Scheme for Heterogeneous WSN
• Setup
– (RHi, PHi ): the BS generates this key pair for each
H-Sensor according to KeyGen(Boneh’s scheme),
i.e., RHi = xi and PHi = vi
Privacy key , randomly selected from Zp
Public key, where vi = xi*g
– (RBS, PBS): This key pair is generated by
KeyGen(Mykletun’s scheme), i.e., PBS = {Y, E, p, G,
n} and RBS = t
Y = t*G, E is an elliptic curve over a finite Fp, p is a prime number,
G is a generator on E, n is the order of E, t is a privacy key
randomly from Fp
19
RCDA Scheme for Heterogeneous WSN
• Setup
– The BS loads PBS to all L-Sensors. Each H-Sensor is
loaded its own key pair (PHi, RHi), PBS, and several
necessary aggregation functions
– Each L-Sensor is required to share a pairwise key
with its cluster head
20
RCDA Scheme for Heterogeneous WSN
• Intracluster Encrypt
– Ensure the establishment of a secure channel
between L-Sensors and their H-Sensor
21
RCDA Scheme for Heterogeneous WSN
• Intercluster Encrypt
– After collecting all sensing data from all cluster
members, an H-Sensor performs the prefered
aggregation function on these data as its result
22
RCDA Scheme for Heterogeneous WSN
• Intercluster Encrypt
Boneh’s signature
Mykleton’s Encrypt
23
RCDA Scheme for Heterogeneous WSN
• Aggregate
– If H3 receives (c1, ) from H1 and (c2, ) from
H2, H3 will execute this procedure to aggregate
(c1, ), (c2, ) and its own (c3, ) as follows:
– Finally, H3 sends (
) to H5.Similarly, H5 can
also aggregate (c4, ), (c5, ), and (
) then
get a new aggregated result (
) to the BS
24
RCDA Scheme for Heterogeneous WSN
• Verify
– 1)
– 2)
– 3)
– 4)
?
25
Outline
•
•
•
•
•
•
Introduction
Encryption Scheme and Signature Scheme
RCDA Scheme for Homogeneous WSN
RCDA Scheme for Heterogeneous WSN
Implementation and Comparisons
Conclusion
26
Implementation and Comparisons
• Implementation
27
Implementation and Comparisons
• Comparisons
– RCDA-HOMO has worst performance evaluation,
because RCDA-HOMO provides better security
28
Conclusion
• The base station can securely recover all
sensing data rather than aggregated results
• Integrate the aggregate signature scheme to
ensure data authenticity and integrity in the
design
29
