DOC

A Power Efficient Aggregation of Encrypted Data in Wireless Sensor Network

By Arthur Kennedy,2014-01-26 09:56
7 views 0
A Power Efficient Aggregation of Encrypted Data in Wireless Sensor Network

A Power Efficient Aggregation of Encrypted

    Data in Wireless Sensor Network

    NaturaISciences

    ArtitieID:10071202(2006)06156306

    Vo1.11No.620061563.1568

    DatainWirelessSensorNetwork

    HUANGXingyang,YANGMing

    InstituteofCommandAutomation,PLAUniversityof ScienceandTechnology.Nanjing210007,Jiangsu,China Abstract:In-networkdataaggregationinwirelesssensor networkhasbeenshowntoimprovescalability,prolongsen

    sotnetwork1ifetimesanddiminishcomputationaldemands. However.thenodethatplaystheroleofdataaggregationwil1 consumemuchmoreenergythancommonnodesandmayquit themissioninadvanceduetoenergyexhaustingbecauseof tamngdecryptionandre-encryptlonoperation;moreover,it willbringcomplexkeymanagementtoensurethesecurityof thedataandcorrespondingkeys.Thispaperwasdesigned specificallytoaddressaboveproblembasedonthethoughtof privacyhomomorphism.Itcanachievetheperfectsecurity 1eve1equa1toone-timepadwithmuch1owerenergyconsump tion;moreover,itcanbeprovedtoresisttheattackofnode capture.Usingthesimulationandanalysis,weshowthatour schemeconsumetheenergyonlyabout21ofAEDscheme. Keywords:dataaggregation;privacyhomomorphism; perfectsecurity;networkclustering;wirelesssensornetwork

CLCnumber:TP309

    Receiveddate:20060520

    Foundationitern:SupportedbytheNationalNaturalScienceFoun dationofChina(90304015)

    Biographv:HUANGXinyang(1979),male,Ph.ncandidate,re

    searchdirection;keymanagement,securityprotocolofwirelessnet

    work.E-mail:xinyang.huang@163.corn

    tTowhomcorrespondcnccshouldbeaddressed.E-mail:pantong@ public1.ptt.js.cn

    0Introduction

    (WSNs)usuallyconsistsof

    itstypicalapplicationsinclude

    habitatmonitorE,robotictoysE,targettracking[,bat

    tlefieldmonitoring[.

    Comparetotraditionalnetwork,WSN

    hasfollowingimportancefeatures:

    ?Duetothebroadcastnatureofthetransmissionmedi

    umanddeployinginunattendedandoftenadversafialenviron

    ments,thesemakeinformationmorevulnerableandexpose nodesincurphysicalattack.Whenthenetworkisdeployedin thebattlefieldtocollecttheinformation,thesecuritymecha

    nismsmustensurenotonlythedataprivacy,butalsohasthe abilityofresiliencytonodecaptured.

    ?Sensornodepossesses1imitedcomputation,energy, andmemoryresources,techniqueappliedinsuchnetwork cannotcausetoomuchenergyconsumption.Datafusionand aggregationtechnique1sveryimportancetosavingtheenergy consumptions.SuchasDirectedFusionE,Ref.[8]and[9] hascarriedoutin-depthresearchinthisfield. Mostpriorworkhasfocusedonkeymanagementprotocol

    includeauthentication.routingandDoSresistance. Noabove-mentionedschemehadconsideredsupporting thein-networkprocessingduringthedesignstage.Ref.El8_ 2o]andSurvivableandEfficientClusteredKeying(SECK)LJ putforwardaseriesofsecuritymechanismstosupportthein- networkprocessing.Ref.r22]putforwardaloealized,dis

    tributedprotocol(LDP)fordistributedwirelesssensornet

    work(DWSN).Thisschemehasapoorresiliencytonode captureandlowernetworksurvivability.Theseschemeshave consideredthesecuritysupportingofin-networkdataprocess

    ing.butalloftheschemerequiretheAG(wecallthenodes 1563

    thatplaytheroleofdataaggregationasAG)todecrypt thedatafirstandre-encryptthemafterdataaggregation, sotheAGw?consumemuchmoreenergythancommon

    nodes.

    Ref.[23]firstlyputforwardarithmetictoaggregate theencrypteddata(AED),whichcanreleasetheAG fromheavycomputationsofencryptanddecryptopera

    tion.Butthisarithmeticcompromisethesecurityandthe energyconsumption,namely,toachievetheperfectse

    cure,itscommunicationwil1increasedramaticallyand consumemuchmoreenergy.Ontheotherhand,itcan

    notresisttheattackoffrequencyanalysisattack;moreo ver,itcannotresisttheattackofnodecaptureinthe WSNs.

    weputforwardapowerefficiencyaggregationofen

    crypteddataarithmetictoaddressaboveproblembased onPrivacyHomomorphism(PH)todevelopAED

    schemewiththefollowingadvantages:Ourschemecan simplyaggregatetheencrypteddataandreleaseAGfrom heavyencryptanddecryptoperation.Itcanbeprovedto achievethesecuritylevelofonetimepad.whichensures thedataprivacyofthenetwork.Moreover.itcanresist thenodecapturedandreducethedamagetominimum. Atlast.weshowthatourschemecansavetheenergy consumptionobservably,andthisisverycrucialto WSNs.

    1BackgroundsandProblemState-

    ment

    Inthissection.weintroducethebackgroundsand thebasicschemeAED,analyzeremainproblemsofbasic scheme.

    1.1Background

    Dataaggregationandfusionhasbeenwidelyusedin WSNs,whichcanreducethecommunicationandprolong sensornetworklifetimes.Butthereappearanothercon

    flictwhenimposethesecuremechanismuponthenet

    work.Dataaggregationandfusionmustgatherthe senseddataandprocessthem,thisprocedurerequirethe plaintext,namely,allthedataaggregationoperation mustdecryptthesenseddatafirst,andre-encryptedthem withitskeyafterfusionoperating.Obviously,thisimpo

    sestheAGwithheavycomputationofdecryptanden

    cryptsandintroducesmorekeymanagementtokeep thesekeyssecurely.Allabove-mentionedpaperrelieson thefashionofhop-by-hopencryption.

    1564

    InmanyWSNs,especiallyinDWSN,allnodesin

    thenetworkarewiththesameconditions;includecorn putation,energy,andmemoryresources.SotheAGin thenetworkwillquitthemissioninadvancebecauseof energyexhausting,themoreworseisthatitwilldivide thenetworkintoseveralunconnectedpartsduetothese nodesquit.

    PrivacyHomomorphic:Ahomomorphicencryption? schemeallowsarithmeticoperationstobeperformedon ciphertexts.LetE()denoteencryptionfunction.LetMji bethemessagespaceandCtheciphertextspacesuch thatMisagroupunderoperationOandCisagroup underoperation0.E()isa(O,O)homomorphicen

    cryptionfunctionifforfl=(rn)andf2(rn2),

    thereexistsakeyksuchthatc1Of2=(rnlOm2). SuchasRSAcryptosystem[,whichismultiplicatively homomorphic.

    AEDfirstlyputforwardanewschemebasedonad

    ditivelyhomomorphicencryption,whichallowsAGto aggregatetheencrypteddataoftheirchildrenwithout havingtodecryptthem.Asaresult,theattackerwon~t beabletoeavesdroponthedatafromintermediatenodes. resultinginmuchstrongerpnvacythananaggregation schemerelyingonbyhop-by-hopencryption. Inthisscheme,eachsensornode(SN)preloadsa keykandsharedwithbasestation(BS).TheSN;senses datami,encryptedwithkbythefollowingway:fE

    (mk,M)m+k(roodM)andsendittoAG,is

    randomproducedbySNforeachmessageandsendBS encryptedbyk.

AfterreceivingthesenseddatafromSN,AGcol

    lectsmessagesandaggregatesthembysimplyaddthem up:c=?=?m+?(roodM),andsendto

    BScandecryptthemessagebythefollowingway:m =

    D(f,k,=c-K(modM),where77zmi,k=

    ando<77z<MInthisscheme,Mmustbelarger thanml;otherwiseitscorrectnessisnotprovided. Inpractice,if=max(m)thenMshouldbeselectedas 户×咒.

    1.2ProblemStatement

    Heavycommunication:Inthisscheme,asshownin Fig.1,thereisnodesandanAGineachcluster.Nodes sendcmessagetoAG,andthenAGsendsanaggrega

    tiondatatoBS.Moreover,eachnodemustsendsfollow

    ?

    ?

0

    :0

    ingmessagetoBs:().,thecommunicationcostis2(n +1)+3,whichislargerthan2砌一ofnon-aggre

    gationscheme,wherehdenotetheaveragehopsfrom nodetobasestation,obviously,thiscostistooheavy. n1Dataaggregationmodelbasedondusters Lowersecurity:Obviously,extracommunication costisproducedbysendingthek;tobasestation,ifthis schemewanttoreduceitscommunicationcost,itmust replacewithacomparativelystablekeytoencrypt moremessage,suchaspreloadkeyk,butitwillbring

anotherproblemsshownasbelow.

    ForAG.itreceivesmessageftomitsneighbor sensornodesencryptedasformula(1),wewil1show thatthismannercan'tresisttheattackofnodecapture andfrequencyanalysis.

    c=m+k(modM),i=l,2,,(1)

    ForMSDU(MACservicedataunits)ofsenseddata intheadjacentregion,theywillbesimilarevenequal, suchascollectthehumidlyortemperatureoftheenviron

    ment.Thisiseasytounderstandifthesenseddatadonot havethesimilarity,thendataaggregationandfusionlost itsuse.Whenthenodeiwascaptured,itspreloadinfor

    marionwasdisclosed,theattackerthencouldgetthemes

    sagem.Inordertoillustrateitexplicitly,wedefinethe differencer0fmf%f,roisverysmallcomparetom/

    and^ThenthepreloadkeyinthenodeJcanbeexpress as=++ro,wheremiand=IcIisknown

    bytheattacker,namely,kj=Cro,whereCisacon

    stant.Herewedeemtheattackcaneasyttheciphertext andthisassumptionisreasonable.Sothenodesinthead

    jacentregioncannotensuretheprivacyofsenseddataac

    cordingtothewayofencryptingscheme.Nowwecancon

    dudethatthiswaycannotresisttonodescapture. Moreover,eventhoughthereisnonodeiscaptured, becausethebasicschemeuseakeyencryptmultiplemes

    sagessubstitutetheonetimepadtolowertheenergy consumption,throughfrequencyanalysisClcinformu

    la(1)attackercandiscovertheapproximatedistributing ofk1kbecausethemessage1issimilarandeven

equalandalsocandiscoverthedifferenceof"+1)

    m(?).

    2PowerEfficientAggregationof

    Beforedescribingourscheme,weexplainhypothesis andnetworkmodelofourscheme.

    Thereexistsabasestationwithmorepowerfulunit thansensenode.Thewholenetworkwasdividedinto clusterstoexecutethemonitormissionafterdeployment, shownasFig.1.Nodessensethedataandencryptthem andsendtheciphertexttoAG:eachAGaggregatesthe ciphertextdirectlyandthensendanaggregatedmessage tobasestationbyhops.Weillustrateouradditivelyho

    momorphicencryptionasbelow.

    2.1SensorNode-DaEncryption

    EachSNsensesthemessageandrepresentsthemas integer,sendsthec{attachitsidtoAG.Thec{isen

    cryptbyusingthefollowingfunction(2): f=E(,k,

    {=+h(hj(ki)Oki)(mod,j>1(2)

    ===m+h(k)(mod,J1

    Where7representsthejthmessagesendsbySNi, Jiskeptsynchronizationwithbasestation,Orepresent theXOR(exclusiveOR)operation;keykandhash functionh(x)ispreloadinthenodeibeforedeployment andkeepstheminsecret.Informula(2),where/71?

    [1,M13,k?[1,M13,then?()?[1,M1]

    and?(f)Ok?[1,M13.Moreover,theMislarger

    thanm{toensurethecorrectnessofdataaggrega

    tion.

    2.2DataAggregationNodeDataAggregation

    TheAGicollectthecopyciphertextsandthen aggregatethemintooneciphertextbysimplyadding themupwithoutdecryptionandre-encryption,namely, ci=

    ?;=m+(),where=?,ki()

    =

    ?h(hj()?ki)(mod.ThentheAGIsends

    thecattachitsidtothebasestationbyhops. 2.3BaseStationDataDecryption

    TheBSdecryptsthecfsendbyAGf:m=c

    k(),k()canbecalculatebytheformula

    ?(()?ki)(mod.

    1565

    Uptonow,theBScangetthesumofdataineach vicinityarea.BScanalsogettheaverage(denotedas AV),AV=,/n.Inordertogetthevarianceand standarddeviationofsenseddata,eachnodemustsend anothermessage()--E((),k,M)toAG,and

    othersproceduresissametoabove-mentioned.After computethe(),theBScanderivethevarianceasbe

    1ow:(_,,l)./,2A\,.1nsomesituation,thebasestation mayneedtheboundaryvalueofnetwork,andthenitcan requirethenodetosendthemadditionallyencryptedby itspreloadkey.

    3PerformanceAnalysisand

    SimulationResults

    3.1security

    Inourencryptionscheme,itssecuritymainlyrelies

    onthefollowingfeature:onekeyforonemessage.For differentseedkeyskandkf,h(k)?h(k,),moreover,

    hi(k)?hJ(k),sowecanderivethefollowingresult: h(M()0)?h(hj()0).Thisfeatureensures

    onekeypermessage.Soourencryptionschemereachthe securityofonetimepad,namely,perfectlysecures. 3.2ResiliencytoNodeCaptured

    1nWSNs,nodesinnetworkfacedthethreatenof beencaptured,whenthenodeiscaptured,theinforma tioninthenodeisdisclosure.Moreover.sensenodesare usuallyworkincollaboration,socompromiseanodemay imperilothernodes,mainlyitsdirectneighbors. Intimeof,AGreceivethefollowingmessages(3) sendbyitsclusternodes:

    ffl一嘲

    lc2=

    l=77

    +

    +

    +

    rood

    mod

    rood

    where=h(hj()Qk).

    Supposedthatnodeiiscapturedandk,Jf?()and aredisclosure.Becausethejthmessagecollectedinaclus terissimilarevenequal,theattackcangettheapproxima

    tioneventheexactvalueof

    tackerknownothingaboutkf

Report this document

For any questions or suggestions please email
cust-service@docsford.com