Secure Data Aggregation Using Some Degree of Persistent Authentication in Sensor Networks
1
Secure Data Aggregation Using Some Degree of Persistent
Authentication in Sensor Networks
Amrita Ghosal1 and Jyoti Prakash Singh2
1Durgapur
Institute of Advanced Technology and Management
2Academy of Technology
1
E-mail: ghosal_amrita@yahoo.com, 2jyotip.singh@gmail.com
ABSTRACT: Wireless sensor networks consist of a large number of sensor nodes and in this type of networks
security of data as well as using minimum amount of energy are two very important issues which are being dealt
with nowadays. In this paper, we have proposed a secure data aggregation tree (SAT) with persistent authentication
that will help to detect and prevent the cheating activities of any node in the network.
Keywords—Data Aggregation, Cheating Detection, Persistent Authentication.
INTRODUCTION
W
ireless sensor networks consist of hundreds to
thousands of inexpensive wireless nodes, each
having some degree of computational power and sensing
capability, operating in an unattended mode [1]. They are
intended for a broad range of environmental sensing
applications from vehicle tracking to habitat monitoring. A
sensor network consists of one or more “sinks” which are
also known as base stations which subscribe to specific
data streams by expressing interests or queries. The sensors
in the network act as “sources” which detect environmental
events and send relevant data to the appropriate subscriber
sinks. Information aggregation is a common operation
which is done in sensor networks Generally, information
collected at the sensor nodes needs to be transmitted to a
central base station for further processing, analysis, and
visualization by the network users. Information aggregation
refers to the computation of statistical means and moments,
as well as other cumulative quantities that summarize the
data obtained by the network. Such accumulation is
important for data analysis and for obtaining a deeper
understanding of the signal landscapes observed by the
network [3].
In sensor networks, the communication cost is often
much higher than the computation cost. To lessen the
communication cost, in-network data aggregation is
considered to be an effective technique. The inherent
redundancy in raw data collected from the sensors can
often be eliminated by in-network data aggregation. This
operation is also useful for extracting application specific
information from raw data [4]. The energy factor is also a
major concern in a sensor network which can be reduced to
a large extent by the use of in-network data processing.
Data aggregation could be in the form of data
compression or the calculation of some statistical values,
such as the mean, max, or min depending on the
application. Data aggregation reduces the amount of data
transmitted to the base station [2]. As some raw data items
may be invisible to the base station and thus their
authenticity and integrity are hard to guarantee. So, data
aggregation is potentially vulnerable to attackers who may
inject bogus information or forge aggregation values
without being detected.
It may have a disastrous impact if end users respond
according to the faulty information. Several methods have
been proposed to solve the above problem. Existing
methods depend on complex data authentication operations
or the statistical features of specific aggregation operations.
To guarantee correctness, persistent authentication
operations are used in most existing methods. Persistent
authentication mechanisms are very safe to be used in
sensor networks.
In this paper, we have tried to solve the above problem
by building a secure aggregation tree (SAT) having the
features of persistent authentication.
Firstly, the structure of the secure aggregation tree
(SAT) has been described.
Secondly, when the aggregation values obtained from an
aggregation node are in doubt, a weighted voting scheme is
proposed to confirm whether the aggregation node is
properly behaving or cheating.
CONSTRUCTING A SECURE AGGREGATION
TREE (SAT)
Structure of SAT
The structure of the aggregation tree is such that any child
node can monitor the behavior of its father node and the
cheating activities of any non-leaf (aggregation) nodes can
therefore be detected. A father node together with its child
nodes should form a clique. Thereby a child node will be
allowed to monitor its father node’s behavior, and so the
child node should also be able to know all the messages
that are sent from its sibling nodes to the father node.
184
A Distributed Algorithm to Build SAT
A distributed algorithm proposed earlier which was used to
build SAT had the assumption that each node knows its
one-hop and two-hop neighbors [2]. The one-hop neighbors
can be easily found with beacon messages, and the
information of two-hop neighbors can be found with one
local broadcast from each sensor node, indicating who its
one-hop neighbors are. The distributed algorithm builds the
aggregation tree starting from the sink node and includes
four steps as follows:
Step 1: The sink node locally broadcasts an invitation
message to all of its one-hop neighbors, indicating that they
should be its children. The invitation message contains the
IDs of all nodes that a father node wants to invite to join
the aggregation tree as its children. It should also include
the hop count value to make a node aware of its minimal
hop count to the sink node. The hop count value in the
invitation message from the sink node is set to zero.
Step 2: Once a node receives an invitation message, if this
node has not joined the aggregation tree and the invitation
message includes this node as a child node, then this node
joins the aggregation tree and records the sender of the
invitation message as its father node. It locally broadcasts a
join message to notify all its neighbors about this decision.
This invitation message is also called activating invitation
message since it requires the node to join the aggregation
tree. Once a node joins the tree, later received invitation
messages will be recorded for future use if the hop count
value in the invitation messages is smaller than the node’s
current hop count value. Another rule is applied which
states that if a node receives an invitation message but the
hop count value included in the message is 2 hops larger
than its current hop count value, then this invitation
message is ignored.
Step 3: After a node joins the aggregation tree, by
verifying its one-hop and two-hop neighbors, excluding
those sibling nodes indicated in the activating invitation
message, it can identify all the cliques that it belongs to. If
such cliques cannot be found, then this node works as a leaf
node. Otherwise, it selects the maximal clique and locally
broadcasts an invitation message with the hop count value
increased by one, indicating that all other nodes in the
selected clique should be its children.
Step 4: Step 2 and step 3 are repeated until all non-isolated
nodes have joined the tree.
If a node is disconnected from the sink node, it will not
receive any invitation message and will not join the tree. In
this case, the node is an isolated node and cannot be used
by any means. Due to the topological constraint that an
aggregation node together with its children should form a
clique, it is possible that some nodes may not join the
aggregation tree even if they have paths to the sink
node [2]. Such nodes are called sparse nodes since they
have only sparse set of neighboring nodes. But generally it
is found that the ratio of the number of sparse nodes over
Mobile and Pervasive Computing (CoMPC–2008)
the total number of sensor nodes is extremely small if the
network density is reasonably high. Therefore it is required
that the sparse nodes should send their messages to the sink
node without performing any in-network processing.
It is possible that in Step 2 and Step 3 local broadcast
messages may collide and the correct information may not
be received by receivers. Fortunately, this problem can be
easily avoided in our tree buildup process, since the order
of the broadcast messages from the children nodes can be
scheduled by the father node [2]. For instance, when a
father node makes the selection of its children, it can
arrange an arbitrary order for the children nodes’
broadcasts and piggyback this information in the invitation
message. Each child node is permitted to broadcast only in
its allocated timeslot. Furthermore, to reduce broadcast
overhead, a node may combine the join message and the
invitation message into one single broadcast.
The figure given below indicates all the steps required
for building up of the secure aggregation tree (SAT).
CHEATING DETECTION FOR DATA
AGGREGATION
Here the cheating detection is done in a very similar way to
that of watchdog mechanism where each node works in the
listening mode to monitor all transmissions within its
maximal radio range [5]. Every node, after sending a
packet to its next hop node, listens to the channel to check
if its next hop node relays the packet correctly [2].
Similarly, in case of SAT method also each node can
overhear all messages sent to its father node and can
monitor the message sent from its father node to its
grandfather node to check if the father node performs data
aggregation correctly. If a node’s father node sends out a
value that is significantly different from a correct
aggregation value, the node will raise an alert. So, if a
sensor node can overhear all messages sent to its father and
track the values that have been aggregated, the cheating
mechanism can be minimized [2]. In practice, however, it is
possible that some messages to the father node are lost or
the father node may not use exactly the same set of values
for aggregation due to time asynchrony. In both cases,
cheating detection with SAT may generate false alarms.
The false alarm rate is obviously dependant on the specific
application context and the criterion of raising alerts.
A weighted voting method where persistent
authentication has been applied has been proposed in the
next section.
WEIGHTED VOTING METHOD
Here, if a sensor node detects that its father node might be
cheating, it sends out an alert message to all its neighbors
except the father node [2]. The alert message contains the
cheating node’s ID, the detecting node’s and the confidence
value of the alert. The confidence values from all the nodes
Secure Data Aggregation Using Some Degree of Persistent Authentication in Sensor Networks
185
Fig: Illustration of the process of building up of SAT
are recorded. Then the weighted confidence value is
calculated using the formula:
F

m1
i 1
fi
m
Where
M—Total no. of sibling nodes in the clique.
m1—Total no. of sibling nodes that send out an alert
message.
But this above step is carried out only once. It may so
happen that a particular node is sending alert messages with
confidence values sent by other nodes sending alert
messages. If this difference is always found to be different
from the confidence values calculated by other nodes, then
that particular node can be considered to be a cheating node
and not the father node. So the weighted voting method
should be applied at least 4–5 times. This would prevent
nodes from sending out fake messages containing false
confidence values.
We can model the problem in this way. Suppose the
child nodes are indicated by C1, C2, ………………..Cm, i.e.
there are ‘m’ child nodes and let us suppose that each child
node is sending ‘n’ no. of data packets to its father node.
Then the ‘n’ no. of data packets from each child node will
also be sent to all its sibling nodes. Suppose nodes F, C1,
C2, C3, C4 form a clique where F- is the father node and C1
….C4 are the child nodes of F. Suppose node C1 has sent
‘n’ no. of packets to the father node F. Then nodes C 2, C3,
C4 will also receive ‘n’ no. of packets from C1. Then C2,
C3, C4 and F will calculate the aggregate values of the ‘n’
packets sent by C1. After that the difference between the
aggregated value of the father node and that of each node
C2, C3, and C4 is calculated. If all the differences are found
to be almost equal to each other, then none of the nodes are
cheating. But if a particular difference is to be not matching
186
with the differences of the other 2 child nodes, then that
particular child node might be cheating. If at every step the
difference of the aggregated value of that particular child
node is found to be a mismatch with the difference of the
aggregated values of other child nodes, then it can be
confirmed that, that particular child node is cheating.
RELATED WORKS
In previous works, the concept of data aggregation uses the
data centric protocol (DC) approach with the assumption
that the number of transmissions from any node in the data
aggregation tree will be exactly one, which is not possible
in real systems.
Sparse data aggregation uses the fact that there may
be many unknown sinks to whom the data aggregation
result [1] has to be sent and this may pose a serious security
threat. Another approach uses Forward Authentication
Protocol [3] where keys are exchanged between nodes for
security reasons but this idea adds extra overhead for the
sensor network. But this concept of using keys would not
be required for secure aggregation tree mechanism for data
aggregation.
Mobile and Pervasive Computing (CoMPC–2008)
REFERENCES
[1] Sparse Data Aggregation in Sensor Networks-Jie Gao,
Computer
Science
Department,jgao@cs.sunysb.edu
Leonidas Guibas Nikola Milosavljevic Computer Science
Department Stanford University, Stanford, CA 94305
guibas@cs.stanford.ed
nikolam@cs.stanford.edu
John
Hershberger Mentor Graphics 8005 S.W. Boeckman
Wilsonville, OR97070johnhershberger@mentor.com.
[2] Secure data aggregation without persistent cryptographic
operations in wireless sensor networks—Kui Wu a, Dennis
Dreef, Bo Sun, Yang Xiao.
[3] SIA: Secure Information Aggregation in Sensor NetworksBartosz Przydatek Carnegie Mellon University Pittsburgh,
PA 15213, USA bartosz@cmu.edu Dawn Song Carnegie
Mellon University Pittsburgh, PA 15213, USA dawnsong@
cmu.edu Adrian Perrig Carnegie Mellon University
Pittsburgh, PA 15213, USA perrig@cmu.edu
[4] Security Solutions for Wireless Sensor Networks (September
2006) Frederik Armknecht, Alban Hessler, Joao Girao,
Amardeo Sarma and DirkWesthoff, on the behalf of the
UbiSec&Sens consortium.
CONCLUSION
[5] Marti, S., Giuli, T.J., Lai, K. and Baker, M., Mitigating
routing misbehavior in mobile ad hoc networks, in mobile
computing and networking, 2000, pp. 255–65.
In this paper, we have proposed the idea of weighted voting
with persistent authentication. This will help in reducing
the bogus information sent by other nodes and so will help
to detect which nodes are cheating nodes in that particular
network. We are also in the process of simulating this
method of weighted voting with persistent authentication.
[6] The Impact of Data Aggregation in Wireless Sensor
Networks Bhaskar Krishnamachari Cornell University ECE
bhaskar@ece.cornell.edu Deborah Estrin UCLACS destrin@
lecs.cs.ucla.edu Stephen Wicker Cornell University ECE
wicker@ece.cornell.edu.