Secure Data Aggregation in Wireless Sensor Network Authors Name Institution Introduction Murthy and Manoj 2004 define wireless sensor networks (WSNs) as a distributed network of small yet lightweight sensor nodes [14]. These nodes are deployed in large scale in an effort of monitoring the environment or a given system through providing data relating to the physical parameters such as pressure, temperature, and humidity. The deployment of sensor nodes in large numbers contributes to an ad-hoc network that has the capability to report to the data collection sink. Currently, WSNs are widely used in various applications such as urban sensing, Tsunami predictions, volcano and fire monitoring as well as perimeter surveillance. Data aggregation in WSNs is referring to the ability to combine partial results at intermediate nodes during the routing of messages. The technique is used to reduce energy consumption and communication overheads. It is an essential paradigm for wireless routing in sensor networks [15]. Data aggregation works under the principle of reducing redundancy and minimizing the number of transmissions, and this saves energy. Thus, the approach shifts from the traditional address-centered approaches used in networking [1]. Traditionally, short routes were determined between pairs of end-nodes. On the contrary, it finds routes from different sources towards a single destination that allows the consolidation of any redundant data. There are various aggregation techniques as provided below in details Centralized approach this approach addresses centric. Every node in the network sends data to the central node through the shortest possible route through a multihop wireless protocol. The powerful node in the network gets all the data packets as they are forwarded from the other nodes. This node then aggregates all the data receives, and it can be queried. All intermediate nodes receive the data packets from the child nodes and forwards them to the leader node. Therefore, the messages transmitted using this approach are large and in the best case scenario, they are equal to the external lengths of each node in the network. In-network aggregation-the approach involves gathering and routing information using a multihop network, data processing taking place at the intermediate nodes to keep resource consumption to a minimum and thus ensuring an increased lifetime for the network [19]. Using this model, two approaches can be used; without size reduction and with size reduction. With size reduction involves the combination of data packets received and compressed them by a node from the neighbors in an attempt of reducing the length to be transmitted to the sink. Without size reduction involves combining the data packets received from the different nodes into a single packet where the value of the data is not processed. Tree-based approach-aggregation in this approach is performed through the formation of an aggregation tree [18]. The tree is rooted at the sink, and the leaves are the source nodes; this is a minimum spanning tree [17]. Every node in the network has a parent node that is responsible for data forwarding and the data flow starts from the leave nodes and up to the sink where the aggregation is performed by the parent nodes. Cluster-based aggregation the entire network is divided into clusters in this approach. Every cluster has a cluster head that is selected from all the members [8]. The cluster heads are responsible for aggregating the data received from the other clusters and also transmit the data to the base station. Data aggregation Security There are some similarities between traditional wireless networks and wireless sensor networks. Among them are the security requirements for the two protocols. However, in addition to the similarities, some unique specifications are only found in WSNs are should be attended to during the design of the protocol [14]. The security properties relevant in the strengthening of the security of the networks are provided below. Data confidentiality the contents of the information in transit should be revealed to any party that is not authorized to have access [6]. Data confidentiality may be divided into secure data aggregation schemes, end to end basis or hop-by-hop scheme. In the hop by hop scheme, data should be decrypted at every aggregator point [12]. Also, after decryption, an aggregation function is applied and the aggregation data then encrypted before sending it to the aggregator point. Extra computation in WSN makes this not feasible. Data integrity-message content should be ensured not to have been altered either by intent, malicious or by accident during the transmission [3]. Data integrity builds on the confidentiality and assures the end user that the information received has not been altered while in transit and is as originally sent by the sender. Data freshness-protects the aggregation schemes against replay attacks by ensuring that the data is recent and that no old messages have been received [13]. Data freshness builds on confidentiality and data integrity by ensuring that an adversity cannot replay a shared key and misled concerning a current key. Data availability ensures that information in the network can be accessed when desired. Keeps checks on whether the system is alive by eliminating compromised nodes that may hinder information transit. Some schemes necessary in a secure data aggregation scheme are; 1) self-healing- the ability of the node to diagnose and react to the attackers activities is a counter measure. 2) Aggregator rotation- rotates the duties of aggregation between the nodes to balance the consumption of energy in the WSN [4]. Authentication both entity and data authentication should be supported in the model to support security. Entity authentication allows the message receiver to determine whether the message is sent by the said sender. Data authentication, on the other hand, guarantees that the data received is similar to the original data. Non-repudiation guarantees that the packet that has been sent and received by the sender claiming to do so [21]. Once an aggregator sends aggregation results, no room for doubt and deny should be left. Therefore, the base station can determine the cause of any changes in the aggregation results. Data accuracy-the aggregated data should be provided as accurately as possible [8]. The worthiness of reducing the number of bits in the aggregator data is only realized if the data accuracy is high. During the design phase, data accuracy and aggregated data size trade-off should be considered since the need for high accuracy involves sending more bits which translate into more power consumption. Existing Schemes Description Cryptographic-based Schemes The purpose of the cryptographic schemes is to prevent aggregators from attacks such as node compromise attacks, which occur due to lack of tamper-resistant hardware. Their role is to increase the required effort of the adversary to succeed in launching the attack for the attack. An example of a cryptographic based technique is when the Merkel harsh tree is used in Pryzdatek et al. s scheme. It is used to facilitate the verification process at the querier and maintain the reliability of the aggregation results. In the past, Sang et al. [22] classified cryptographic schemes as hop-by-hop encrypted and end-to-end encrypted data aggregation. Unfortunately, the classification failed to detail the security and performance analysis of these schemes. Therefore, after conducting a survey, a classification that determined the number of times data was aggregated and the presence of a verification phase in the scheme was developed. In the new classification, current data aggregation scheme was placed under either single aggregator model or multiple aggregator model [22]. In Single Aggregator Model, the process occurs once between the sensor nodes and the base station meaning that only one aggregator is used in this model. For it to be successful, the aggregator node must be powerful to accommodate high communication and computation. However, this model can only operate in small networks because risk is incurred when large networks implement the model due to the high data redundancy at lower levels. The various secure data aggregation schemes that use model are Przydatek et al. s scheme, Du et al. s scheme, Mahimkar & Rappaport s scheme, and Sanli et al. s scheme. The schemes Sanli et al. and Du et al do not require any verification phase while Przydatek et al., and Mahimkar & Rappaport require a verification phase. A verification phase is not needed where the base station can verify the reliability of the aggregation results without interacting with the network. However, there are times when the home server needs to verify the reported data from the aggregator. The next phase is the adversarial mode and attack resistance where the schemes are considered as adversaries that can prevent an attack. The last phase is the security services and each scheme is evaluated on the level of data aggregation security. The multiple aggregator model use more than one aggregator node before aggregated data reaches the base station. It is more effective than the single aggregator model because it can be used for large networks. The secure data aggregation schemes present in this model are Sanli et al. s scheme, Hu & Evans s, Westhof et sl., and Jadia & Mathuria s scheme. Most the schemes require a verification phase while some of them do not require. Cryptographic-based secure data aggregation tries to solve the data aggregation security problem. In addition, there is no standard adversarial model where the data aggregation models are evaluated on the level of security or resilience to attacks. In summary, the cryptographic-based secure data aggregation schemes are important in providing security and determining the attacks they are secure against. Upon conducting a security analysis on the schemes, it is important to note that they do not provide sufficient protection against node compromise attacks as they are vulnerable to different types of attacks. Cryptographic-based schemes performance analysis indicates that schemes that use the multiple aggregator model are more efficient in transferring bits to accomplish the aggregation phase that those that use the single aggregator model. Trust-based Schemes The trust-based schemes were developed to improve the efficiency of the cryptographic schemes in monitoring the network activities and detecting related issues to the node compromise. They are systems that can collect, process and distribute feedback about the history of the sensor s behaviors. The schemes are used to strengthen the performance and security levels of the WSNs through monitoring, evaluating the quality of activities, and warning the nodes of malicious threats. This is done using four phases, which are information gathering and sharing, information modelling, decision making and dissemination. The first phase involves evaluating the activities and collecting information about the system and the nodes, while the second phase involves the calculation of trust values for the nodes. After gathering and evaluating the information, the decision making phase follows where the trustworthiness of a specific node is analyzed to ensure that the interaction is valid. (Ozdemir & Xiao, 2009) The dissemination phase ensures that the trust values are available at each sensor node. The schemes found in this system are Boukerche & Ren, Shaikh et al., Michiardi &Molva, Srinivasan et al., and Ozdemir s Scheme. The trust-based systems are evaluated according to the scope they consider, trust components and the security attacks they shield against. The best scheme and most effective, and which has gained a lot of insight is the Ozdemir s scheme. The trust-based schemes are prone to attacks due to lack of an understanding on the phases of the trust-based system. The schemes deplete resources due to the many nodes present in a network. A watchdog mechanism is also needed to help monitor the routing, sensing and aggregation, otherwise applying this scheme to a localized scope is not practical. Finally, another drawback is that the Ozdemir scheme is vulnerable and open to attacks [22]. Concealed data aggregationIt is a secure version of the in-network aggregation (INA) for the WSNs. Compared to the secure data aggregation schemes, which re-encrypt and decrypt the values on specific aggregation nodes, concealed data aggregation offers end-to-end security and reduces network traffic. It is done through the aggregation of intermediate nodes [23]. CDA is resilient against specific attacks [24]. The existing schemes in this proposed security model are WGA and CaMy Ts-Algorithim (CMT). CMT is considered as the most efficient CDA scheme. Concealed data aggregation uses cascaded privacy homomorphism to overcome security problems, which uses very low additional costs [23]. It is imminent that a major challenge facing WSNs in the performance of data aggregation is maintaining data confidentiality. Seamless integration of data confidentiality and aggregation has been proposed through the application of privacy homomorphism based secure data aggregation schemes [25]. However, hierarchical data aggregation is limited. A concealed data aggregation protocol allows the aggregation of data packets that are encrypted using different keys. Therefore, irrespective of the key used for encryption, data from all the sensor nodes may be aggregated while upholding data confidentiality. In the process of decrypting the aggregated data, the base station classifies the sensor data on the basis of the encryption key used [25]. In concealed data aggregation protocol, the intermediate nodes are not required to perform any operations on the sensed plaintext data. Proposed Reputation ?based Scheme The shortcomings of the Cryptographic-based schemes and the Trust-based schemes led to the proposition of a reputation-based secure data aggregation scheme. Cryptographic lacks the mechanisms to fully protect the WSNs especially in their hostile environments. They put the sensor nodes at risk of being taken over by the adversaries. The purpose of the reputation-based secure data aggregation system is to reduce the cryptographic mechanisms at the same time developing a competitive secure data aggregation scheme. It also considers the possibility of WSN related and reputation related attacks during design period, therefore outperforming other schemes. It is not limited to a single aggregation rather a multiple function and provides a dynamic and rapid response to attacks [22]. The level of security offered is high because it integrates aggregation functionalities with a reputation system. Its performance and security analysis were tested on the basis of attack, abrupt change and strategy based on-off attacks. The performance results were high and it offered security against many of the attacks. The proposed reputation-based scheme is resilience to attacks, unlike Ozdemir s scheme (Ozdemir & Xiao, 2009). The scheme solves the problem of attacks through preventing node compromise attacks before they change the aggregation results. Compared to cryptographic-based schemes and trust-based schemes, the proposed reputation-based scheme is effective in providing security to the nodes and preventing a relapse of the attacks. Summary The secure data aggregation model (SDA) was proposed by Hu & Evans (2003) whose work involved the study of data aggregation problems upon the compromise of a given node. SDA protocol aims at being resilient against the compromise of a node through creating delays at the upper levels of aggregation and authentication [17]. Measurement of sensors are forward without being changed and then aggregated at the second hop as opposed to aggregating them at the immediate next hop [11]. Sensors need data buffering to authenticate open the revelation of the shared key at the base station. Thus, this scheme offers data authentication, integrity, and freshness. Jadia and Mathuria (2004) improved SDA in ESA where instead of using TESLA to authenticate the broadcast of the base station, they propose the use of one-hop pairwise keys to enhance data encryption between a parent and a node [7]. A two-hop pairwise key is also proposed to encrypt further data between a node and a grandparent. Thus, this adds data confidentiality and reduces memory overhead to the secure aggregation scheme. However, the scheme has limitations in that it is bent to a breakdown if two or more consecutive nodes in the hierarchy are compromised [2]. A secure information aggregation was further proposed by Przydatek et al. (2003) known as the aggregate commit prove. It provides resistance to stealthy attacks aggregate manipulation where the aim of the attacker is to impose fake aggregation results to the user without having to prove their origin or presence [19]. Wagner (2004) proposed a mathematical framework RA that evaluates the security of resilient aggregation techniques. The framework determines the extent of damage an attacker may cause upon compromising some nodes and using them to introduce erroneous data [3]. The median function was proposed as an excellent method of providing summaries of the statistics [20]. Furthermore, a witness based data aggregation scheme (WDA) was proposed by Du et al (2003) to guarantee the validation of the data sent from an aggregator node to a base station. WDA offers data integrity to the data aggregation. However, since the point of the aggregator is fixed and equipped to handle a lot of traffic, the aggregator resources do not hold for long. SecureDAV was proposed by Mahimkar & Rappaport (2004) to improve the vulnerability of data security and integrity in SDA and ESA through signing the aggregated data [6]. Every sensor with a cluster has a share of cluster key and generates a partial signature on the aggregated data. Sensor readings in the same cluster receive by the aggregator causes it to broadcast the average of the readings. A threshold is used that sensors use as a measure of the average and the established threshold. The scheme has some drawbacks in that it requires the high cost of communication on the validation of data and it only supports AVG function aggregation [16]. A secure hop by hop data aggregation protocol (SDAP) was proposed by Yang et al. (2006) that can function as more than one compromised node. It is based on two principles; commit and attest and divide and conquer. The protocol was proposed to reduce and eliminate the damage of compromising aggregator at the high level in the per-hop aggregation scheme. Using the divide and conquer principle, the network tree is divided into logical subtrees which increase the number of aggregators and drastically reduces the number of nodes in every subtree [14]. This also reduces the damage that is caused by compromising an aggregator of every subtree. The commit and attest principle enhances the hop by hop aggregation through adding a commitment property [5]. This helps the base station to determine, ascertain and prove the correctness of the aggregated data. To ensure the high level of security, it is recommended that this scheme sends more data. Some unresolved issues remain intact in the area of secure aggregation for sensor networks. Tree-based algorithms are prone to message losses due to compromised nodes or node failures [8]. Research have an avenue to explore the relation of performance and security tradeoffs in attacks resilient to synopsis diffusion. References [1] Adaptive aggregation scheduling using aggregation-degree control in sensor network , ces, 2014. [2]W. Xu, ?Research on Software Aggregation to Service Aggregation , AMR, vol. 282-283, pp. 253-256, 2011. [3]Y. Lu, I. Comsa, P. Kuonen and B. Hirsbrunner, ?Adaptive data aggregation with probabilistic routing in wireless sensor networks , Wireless Netw, 2015. [4]S. Gopikrishnan and P. Priakanth, ?HSDA: hybrid communication for secure data aggregation in wireless sensor network , Wireless Netw, 2015. [5]S. Huang, S. Shieh and J. Tygar, ?Secure encrypted-data aggregation for wireless sensor networks ,Wireless Netw, vol. 16, no. 4, pp. 915-927, 2009. [6]M. Esnaashari and M. Meybodi, ?Data aggregation in sensor networks using learning automata ,Wireless Netw, vol. 16, no. 3, pp. 687-699, 2009. [7]M. Asemani and M. Esnaashari, ?Learning automata based energy efficient data aggregation in wireless sensor networks , Wireless Netw, vol. 21, no. 6, pp. 2035-2053, 2015. [8]A. Ouksel and D. Lundquist, ?Reducing redundant data transmissions in wireless ad hoc networks: comparing aggregation and filtering , Wireless Netw, vol. 21, no. 7, pp. 2155-2168, 2015. [9]S. Xiao, J. Huang, L. Pan, Y. Cheng and J. Liu, ?On centralized and distributed algorithms for minimizing data aggregation time in duty-cycled wireless sensor networks , Wireless Netw, vol. 20, no. 7, pp. 1729-1741, 2014. [10]W. Jung, K. Lim, Y. Ko and S. Park, ?Efficient clustering-based data aggregation techniques for wireless sensor networks , Wireless Netw, vol. 17, no. 5, pp. 1387-1400, 2011. [11]X. Li and D. Hunter, ?Four-dimensional Markov chain model of single-hop data aggregation with IEEE 802.15.4 in wireless sensor networks , Wireless Netw, vol. 18, no. 5, pp. 469-479, 2012. [12]S. Su and H. Yu, ?Minimizing tardiness in data aggregation scheduling with due date consideration for single-hop wireless sensor networks , Wireless Netw, vol. 21, no. 4, pp. 1259-1273, 2014. [13]M. Rezvani, A. Ignjatovic, E. Bertino and S. Jha, ?Secure Data Aggregation Technique for Wireless Sensor Networks in the Presence of Collusion Attacks , IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 1, pp. 98-110, 2015. [14]S. Mehta and K. Kwak, ?An Energy-Efficient MAC Protocol in Wireless Sensor Networks: A Game Theoretic Approach , EURASIP J Wirel Commun Netw, vol. 2010, no. 1, p. 926420, 2010. [15]S. Kaur and L. Mahaj, ?Power Saving MAC Protocols for WSNs and Optimization of S-MAC Protocol , International Journal of Radio Frequency Identification & Wireless Sensor Networks, p. 1, 2011. [16]Y. Xue, Y. Cui and K. Nahrstedt, ?Maximizing Lifetime for Data Aggregation in Wireless Sensor Networks , Mobile Networks and Applications, 2006. [17]T. Rahayu, S. Lee and H. Lee, ?A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation , Sensors, vol. 15, no. 7, pp. 15127-15158, 2015. [18]J. Chen, H. Ma and D. Zhao, ?Private data aggregation with integrity assurance and fault tolerance for mobile crowd-sensing , Wireless Netw, 2015. [19] N., ?Fuzzy Based Secure Data Aggregation Technique in Wireless Sensor Networks , Journal of Computer Science, vol. 8, no. 6, pp. 899-907, 2012. [20]L. Liu, Y. Wang and Q. Yan, ?Secure Data Aggregation Research for Wireless Sensor Network ,AMM, vol. 341-342, pp. 1205-1209, 2013. [21]Q. Zhou, G. Yang and L. He, ?A Secure-Enhanced Data Aggregation Based on ECC in Wireless Sensor Networks , Sensors, vol. 14, no. 4, pp. 6701-6721, 2014. [22]Ozdemir, S., & Xiao, Y. (2009). Secure data aggregation in wireless sensor networks: A comprehensive overview. Computer Networks, 53(12), 2022-2037. http://dx.doi.org/10.1016/j.comnet.2009.02.023 [23] Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin and Hung-Min Sun, ?RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless Sensor Networks , IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 4, pp. 727-734, 2012. [24]S. Ozdemir and Y. Xiao, ?Integrity protecting hierarchical concealed data aggregation for wireless sensor networks , Computer Networks, vol. 55, no. 8, pp. 1735-1746, 2011. [25]Y. Lin, S. Chang and H. Sun, ?CDAMA: Concealed Data Aggregation Scheme for Multiple Applications in Wireless Sensor Networks , IEEE Trans. Knowl. Data Eng., vol. 25, no. 7, pp. 1471-1483, 2013.
Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.
[order_calculator]
