Secure Data Aggregation in Wireless Sensor Networks: Filtering out the Attacker’s Impact
Wireless sensor networks (WSNs) are increasingly used in many applications, such as volcano and fire monitoring, urban sensing, and perimeter surveillance. In a large WSN, in-network data aggregation (i.e., combining partial results at intermediate nodes during message routing) significantly reduces the amount of communication overhead and energy consumption. The research community proposed a loss-resilient aggregation framework called synopsis diffusion, which uses duplicate insensitive algorithms on top of multipath routing schemes to accurately compute aggregates (e.g., predicate count or sum). However, this aggregation framework does not address the problem of false sub-aggregate values contributed by compromised nodes. This attack may cause large errors in the aggregate computed at the base station, which is the root node in the aggregation hierarchy. In this paper, we make the synopsis diffusion approach secure against the above attack launched by compromised nodes. In particular, we present an algorithm to enable the base station to securely compute predicate count or sum even in the presence of such an attack. Our attack-resilient computation algorithm computes the true aggregate by filtering out the contributions of compromised nodes in the aggregation hierarchy. Extensive analysis and simulation study show that our algorithm outperforms other existing approaches.
PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):
- To address the communication loss problem in tree-based algorithms an aggregation framework called synopsis diffusion is designed, which computes Count and Sum using a ring topology. Very similar algorithms are independently proposed. These works use duplicate-insensitive algorithms for computing aggregates based algorithm for counting distinct elements in a multi-set.
- Several secure aggregation algorithms have been proposed assuming that the BS is the only aggregator node in the network. These works did not consider in-network aggregation. Only recently, the research community has been paying attention to the security issues of hierarchical aggregation.
DISADVANTAGES OF EXISTING SYSTEM:
- A sensor node has limitation in terms of computation capability and energy reserves.
- Method is prohibitively expensive in terms of communication overhead.
- The possibility of node compromise introduces more challenges because most of the existing in-network aggregation algorithms have no provisions for security.
- A compromised node might attempt to thwart the aggregation process by launching several attacks, such as eavesdropping, jamming, message dropping, message fabrication, and so on.
- This paper focuses on a subclass of these attacks in which the adversary aims to cause the BS to derive an incorrect aggregate. By relaying a false sub-aggregate to the parent node, a compromised node may contribute a large amount of error to the aggregate.
- In this paper, we design an algorithm to securely compute aggregates, such as Count and Sum despite the falsified sub-aggregate attack. In particular, our algorithm which we call the attack-resilient computation algorithm consists of two phases.
- The main idea is as follows: (i) In the first phase, the BS derives a preliminary estimate of the aggregate based on minimal authentication information received from the nodes. (ii) In the second phase, the BS demands more authentication information from only a subset of nodes while this subset is determined by the estimate of the first phase. At the end of the second phase, the BS can (locally) filter out the false contributions of the compromised nodes from the aggregate.
- The key observation which we exploit to minimize the communication overhead is that to verify the correctness of the final synopsis (representing the aggregate of the whole network) the BS does not need to receive authentication messages from all of the nodes.
ADVANTAGES OF PROPOSED SYSTEM:
- We make the synopsis diffusion approach secure against the falsified sub-aggregate attack.
- Our algorithm outperforms other existing approaches in several metrics, such as the communication overhead. We declare that the communication overhead of our algorithm might be higher if the assumption about compromised nodes being uniformly distributed does not hold.
- Setting up Network Model
- Falsifying the local value
- Computing Sum Despite Attacks
- Performance Analysis
Setting up Network Model
Our first module is setting up the network model. We consider a large-scale, homogeneous sensor network consisting of resource-constrained sensor nodes. Analogous to previous distributed detection approaches; we assume that an identity-based public-key cryptography facility is available in the sensor network. Prior to deployment, each legitimate node is allocated a unique ID and a corresponding private key by a trusted third party. The public key of a node is its ID, which is the essence of an identity-based cryptosystem. Consequently, no node can lie to others about its identity. Moreover, anyone is able to verify messages signed by a node using the identity-based key. The source nodes in our problem formulation serve as storage points which cache the data gathered by other nodes and periodically transmit to the sink, in response to user queries. Such network architecture is consistent with the design of storage centric sensor networks
Falsifying the local value:
A compromised node C can falsify its own sensor reading with the goal of influencing the aggregate value. We assume that if a node is compromised, all the information it holds will be compromised. We conservatively consider that all malicious nodes can collude or can be under the control of a single attacker. We use a Byzantine fault model, where the adversary can inject any message through the compromised nodes. Compromised nodes may behave in arbitrarily malicious ways, which means that the sub-aggregate of a compromised node can be arbitrarily generated. However, we assume that the attacker does not launch DoS attacks, e.g., the multi-hop flooding attacks with the goal of making the whole system unavailable.
Computing Sum Despite Attacks:
In this module, we develop an attack-resilient protocol which enables BS to compute the aggregate despite the presence of the attack. We observe that, in general, BS can verify the final synopsis if it receives one valid MAC for each ‘1’ bit in the synopsis. In fact, to verify a particular ‘1’ bit, say bit i , BS does not need to receive authentication messages from all of the nodes which contribute to bit i . As an example, more than half of the nodes are likely to contribute to the leftmost bit of the synopsis, while to verify this bit, BS needs to receive a MAC only from one of these nodes.
For the proposed system protocol, we use the following specific measurements to evaluate its performance:
- Deviation of Estimate
- Number of (Unique) MACs
- Average Nodes Sent bits
- System : Pentium IV 2.4 GHz.
- Hard Disk : 40 GB.
- Floppy Drive : 44 Mb.
- Monitor : 15 VGA Colour.
- Mouse :
- Ram : 512 Mb.
- Operating system : Windows XP/7/LINUX.
- Implementation : NS2
- NS2 Version : 2.28
- Front End : OTCL (Object Oriented Tool Command Language)
- Tool : Cygwin (To simulate in Windows OS)
Sankardas Roy, Member, IEEE, Mauro Conti, Member, IEEE, Sanjeev Setia, and Sushil Jajodia, Fellow, IEEE, “Secure Data Aggregation in Wireless Sensor Networks: Filtering out the Attacker’s Impact”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 9, NO. 4, APRIL 2014.