1

RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless

Sensor Networks

Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, Hung-Ming Sun

IEEE Transactions on Parallel and Distributed Systems, Vol.23, No.4, April 2012

Presenter: 林顥桐Date: 2012/11/19

2

Outline

• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion

3

Introduction

• The usage of aggregation functions is constrained

• The base station cannot verify the integrity and authenticity of each sensing data

4

Introduction

• RCDA– The base station can verify the integrity and

authenticity of all sensing data– The base station can perform any aggregation

functions on them

5

Encryption Scheme and Signature Scheme

• Encryption Scheme– Mykleton et al.’s Encryption Scheme

• Signature Scheme– Boneh et al.’s Signature Scheme

6

Encryption Scheme and Signature Scheme

• Mykleton et al.’s Encryption Scheme– Proposed a concealed data aggregation scheme

based on the elliptic curve ELGamal(EC-EG) cryptosystem

7

Encryption Scheme and Signature Scheme

• Boneh et al.’s Signature Scheme– Proposed an aggregate signature scheme which

merges a set of distinct signatures into one aggregated signature

– Based on bilinear map

8

Outline

• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion

9

RCDA Scheme for Homogeneous WSN

10

RCDA Scheme for Homogeneous WSN

• Four procedures– Setup

• Base Station(BS) generates the key pairs– Encrypt-Sign

• Trigger while a sensor decides to send its sensing data to the cluster head(CH)

– Aggregate• Launched after the CH has gathered all ciphertext-signature pairs

– Verify• Receive the sum of ciphertext and signature from CH, BS can

recover and verify each sensing data

11

RCDA Scheme for Homogeneous WSN

• Setup– (PSNi , RSNi ): For each sensor SNi, the BS

generates (PSNi,RSNi) by KeyGen procedure(Boneh scheme) where PSNi = vi and RSNi = xi

– (PBS, RBS): These keys are generated by KeyGen procedure(Mykletun scheme) where PBS ={Y, E, p, G, n} and RBS = t

Privacy key , randomly selected from Zp

Public key, where vi = xi*g

Y = t*G, E is an elliptic curve over a finite Fp, p is a prime number, G is a generator on E, n is the order of E, t is a privacy key randomly from Fp

12

RCDA Scheme for Homogeneous WSN

• Setup– RSNi, PBS, H, are loaded to SNi for all i– BS keeps all public keys PSNi and its own RBS in

privacy

13

RCDA Scheme for Homogeneous WSN

• Encrypt-Sign

Boneh’s signature

Mykleton’s Encrypt

14

RCDA Scheme for Homogeneous WSN

• Aggregate

15

RCDA Scheme for Homogeneous WSN

• Verify– 1)

– 2)

– 3)

– 4) ?

16

Outline

• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion

17

RCDA Scheme for Heterogeneous WSN

18

RCDA Scheme for Heterogeneous WSN

• Five procedures– Setup

• Necessary secrets are loaded to each H-Sensor and L-Sensor– Intracluster Encrypt

• Involve when L-Sensor desire to send their sensing data to the corresponding H-Sensor

– Intercluster Encrypt• Each H-Sensor aggregates the received data and then encrypts and signs the

aggregated result– Aggregate

• If an H-Sensor receives ciphertexts and signatures from other H-Sensor on its routing path, it activates the Aggregate procedure

– Verify• Ensure the authenticity and integrity of each aggregated result

19

RCDA Scheme for Heterogeneous WSN

• Setup– (RHi, PHi ): the BS generates this key pair for each

H-Sensor according to KeyGen(Boneh’s scheme), i.e., RHi = xi and PHi = vi

– (RBS, PBS): This key pair is generated by KeyGen(Mykletun’s scheme), i.e., PBS = {Y, E, p, G, n} and RBS = t

Public key, where vi = xi*gPrivacy key , randomly selected from Zp

Y = t*G, E is an elliptic curve over a finite Fp, p is a prime number, G is a generator on E, n is the order of E, t is a privacy key randomly from Fp

20

RCDA Scheme for Heterogeneous WSN

• Setup– The BS loads PBS to all L-Sensors. Each H-Sensor is

loaded its own key pair (PHi, RHi), PBS, and several necessary aggregation functions

– Each L-Sensor is required to share a pairwise key with its cluster head

21

RCDA Scheme for Heterogeneous WSN

• Intracluster Encrypt– Ensure the establishment of a secure channel

between L-Sensors and their H-Sensor

22

RCDA Scheme for Heterogeneous WSN

• Intercluster Encrypt– After collecting all sensing data from all cluster

members, an H-Sensor performs the prefered aggregation function on these data as its result

23

RCDA Scheme for Heterogeneous WSN

• Intercluster Encrypt

Boneh’s signature

Mykleton’s Encrypt

24

RCDA Scheme for Heterogeneous WSN

• Aggregate– If H3 receives (c1, ) from H1 and (c2, ) from

H2, H3 will execute this procedure to aggregate (c1, ), (c2, ) and its own (c3, ) as follows:

– Finally, H3 sends ( ) to H5.Similarly, H5 can also aggregate (c4, ), (c5, ), and ( ) then get a new aggregated result ( ) to the BS

25

RCDA Scheme for Heterogeneous WSN

• Verify– 1)

– 2)

– 3)

– 4) ?

26

Outline

• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion

27

Implementation and Comparisons

• Implementation

28

Implementation and Comparisons

• Comparisons

– RCDA-HOMO has worst performance evaluation, because RCDA-HOMO provides better security

29

Conclusion

• The base station can securely recover all sensing data rather than aggregated results

• Integrate the aggregate signature scheme to ensure data authenticity and integrity in the design