Image Processing Reference
In-Depth Information
nodes. All
nodes in the network wait a certain period before they sum up all received partial terms together
withtheirownshare,andaggregatethereadingsontheirwaytowardthebasestation.Whilethis
scheme is able to withstand up to
J
J
−
of the partial terms encrypted to a different node of a randomly chosen set of
J
−
colluding attackers before confidentiality is compromised, it
gives individual compromised nodes extensive opportunity to manipulate the final aggregated value,
as no integrity or plausibility check is provided for. Also, it increases the amount of messages to be
sent and processed by a factor of
J
.
Ren et al. propose a privacy homomorphism-based data aggregation scheme ensuring data confi-
dentiality combined with hop-by-hop MACs based on elliptic curve cryptography to provide basic
integrity protection for exchanged messages [RKP]. Because the same privacy homomorphism
is used as in Ref. [GSW], the same security concerns regarding compromised nodes apply with
respect to confidentiality protection. Also, with its combination of the Domingo-Ferrer privacy
homomorphism and the hop-by-hop computation of MACs, the approach puts a rather heavy load
on participating sensor nodes.
To achieve confidentiality-preserving data aggregation in sensor networks without incurring
computation-intensive operations, Castellucia et al. propose a rather simple scheme that is based
on modular addition [CMT]. Each sensor node
i
shares a secret key with the base station and
uses this key to generate pseudorandom keystream sequences
k
i
thatareusedtoencryptindividual
sensor readings
x
i
. Furthermore, all sensor nodes know a network-wide parameter
M
,where
M
is
chosen large enough so that later operations will not lead to an overflow (see below). To encrypt a
sensor reading
x
i
, each node computes
E
−
k
i
mod
M
.Toaggregatetwoencrypted
messages, they are simply added modulo
M
. When the base station receives all aggregated values
together with set
I
of identifiers of the nodes that contributed to the aggregated values it computes
∑
(
x
i
,
k
i
,
M
)=
x
i
+
I
k
i
mod
M
.Tobeabletogeneratethecorrectkeystreams
k
i
,somekindof
synchronization between sensor nodes and base station is required (e.g., a counter that is transmitted
together with the sensor node's identifier). If
n
sensor nodes may contribute to an aggregated value,
M
needstobechosensothattheadditionofthe
n
sensor readings will not overlow. herefore,
M
should be chosen so that
M
I
E
(
x
i
,
k
i
,
M
)−
∑
i
∈
i
∈
⌈
n
⋅
log
(
max
(
x
i
))⌉
representing the maximum possible
value for a sensor reading
x
i
. As the scheme relies on individual keys between sensor nodes and the
base station, the compromise of individual sensor nodes does not affect the confidentiality of other
node's sensor readings. Furthermore, the authors recommend to combine this scheme with hop-by-
hop authentication to avoid external attackers to be able to inject bogus sensor readings, and also
point out that such measures are likely not suitable to protect against compromised sensor nodes
injecting false data (compare also the discussion of Ref. [Wag] above). he main advantages of this
approach are its low computational overhead and the increased security resulting from individual
keys per sensor node. Two major drawbacks are that the base station needs to know which node con-
tributed to an aggregated value, and that the use of keystreams needs to be synchronized between
sensor nodes and the base station, both limiting the total amount of data transmissions that can be
economized by this scheme.
≥
with max
(
x
i
)
10.7 Summary
Wireless sensor networks are an upcoming technology with a wide range of promising applications.
As in other networks, however, security is crucial for any serious application. Prevalent security objec-
tives in wireless sensor networks are confidentiality and integrity of data, as well as availability of
sensor network services being threatened by DoS attacks, attacks on routing, etc. Severe resource con-
straints in terms of memory, time and energy, and an “unfair” power balance between attackers and
sensor nodes make attaining these security objectives particularly challenging. Approaches proposed
for wireless ad hoc networks which are based on asymmetric cryptography are generally considered to
