Prevention and Detection against Privacy Deficiency and Integrity Violation of Data Aggregation in Wireless Sensor Networks
A wireless sensor network (WSN) is an ad-hoc network composed of small sensor nodes deployed in large numbers to sense the physical world. Wireless sensor networks have very broad application prospects, with both military and civilian uses. Sensors are usually resource-limited and power-constrained: their computation, communication, and power budgets are all restricted. Sensors can provide fine-grained raw data. Alternatively, they may collaborate on in-network processing to reduce the amount of raw data sent, thus conserving resources such as communication bandwidth and energy. We refer to such in-network processing generically as data aggregation. In many sensor network applications, the designer is usually concerned with aggregate statistics such as SUM, AVERAGE, or MAX/MIN of data readings over a certain region or period. As a result, data aggregation in WSNs has received substantial attention. As sensor network applications expand to include increasingly sensitive measurements of everyday life, preserving data privacy becomes an increasingly important concern. For example, a future application might measure household details such as power and water usage, computing average trends and making local recommendations. Without proper privacy protection, such applications of WSNs will not be practical, since participating parties may not allow their private data to be tracked. We present two privacy-preserving data aggregation schemes, Cluster-based Private Data Aggregation (CPDA) and Slice-Mix-AggRegaTe (SMART), for additive aggregation functions in WSNs. The goal of our work is to bridge the gap between collaborative data aggregation and data privacy in wireless sensor networks. When there is no packet loss, in both CPDA and SMART, the sensor network can obtain a precise aggregation result while guaranteeing that no private sensor reading is released to other sensors.
This is a stronger result than previously proposed protocols, which can compute only approximate aggregates without violating privacy. Our schemes can be built on top of existing secure communication protocols, so both security and privacy are supported by the proposed data aggregation schemes. In the CPDA scheme, sensor nodes are randomly grouped into clusters. Within each cluster, our design leverages algebraic properties of polynomials to calculate the desired aggregate value while guaranteeing that no individual node learns the data values of other nodes. The intermediate aggregate values of each cluster are further aggregated (along an aggregation tree) on their way to the data sink. In the SMART scheme, each node hides its private data by slicing it into pieces and sending encrypted data slices to different intermediate aggregation nodes. After the pieces are received, intermediate nodes calculate intermediate aggregate values and further aggregate them toward the sink. In both schemes, data privacy is preserved while aggregation is carried out. We evaluate the two schemes in terms of efficacy of privacy preservation, communication overhead, and data aggregation accuracy, comparing them with TAG, a commonly used data aggregation scheme that provides no data privacy. Simulation results demonstrate the efficacy and efficiency of our schemes. Public safety sensor networks are also receiving growing attention as a means of providing critical information to prevent and/or handle disasters. For example, first responder agencies may need to establish a water pollution control system using sensor networks to monitor chemical levels, water pressure, and more. Sensor data could be sent over the network so that it can be monitored constantly, enabling public safety agents to detect and correct irregularities more quickly.
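As an added illustration (not code from the dissertation), the following Python models one polynomial-based in-cluster exchange of the kind CPDA describes: each node masks its reading with a random degree-2 polynomial evaluated at its peers' public seeds, each peer publishes only the total of the shares it received, and the cluster recovers the sum alone. The exact polynomial form, the seed values and the helper names are assumptions here, and encryption of the exchanged shares is omitted.

```python
from fractions import Fraction
import random

def mask_reading(value, seeds, rng=None):
    """A node hides its private reading behind a random polynomial
    p(x) = value + r1*x + r2*x^2 and returns {seed_j: p(seed_j)}, one
    share per cluster member. A single share reveals nothing useful about
    value because r1 and r2 are unknown to the receiver."""
    rng = rng or random.Random()
    r1 = rng.randrange(1, 10**6)
    r2 = rng.randrange(1, 10**6)
    return {x: value + r1 * x + r2 * x * x for x in seeds}

def cluster_sum(readings, seeds, rng=None):
    """Simulate the in-cluster exchange and recover the sum of all readings.
    readings: one private value per node; seeds: the nodes' public, distinct,
    non-zero evaluation points (assumed setup, not necessarily CPDA's exact one)."""
    assert len(readings) == len(seeds) >= 3, "degree-2 masking needs 3+ nodes"
    assert len(set(seeds)) == len(seeds) and 0 not in seeds
    rng = rng or random.Random()
    # Node j only ever sees the shares addressed to its own seed x_j, and it
    # publishes just their total F_j to the cluster.
    received = {x: 0 for x in seeds}
    for value in readings:
        for x, share in mask_reading(value, seeds, rng).items():
            received[x] += share
    # F_j = SUM + R1*x_j + R2*x_j^2 is a degree-2 polynomial P(x_j) whose
    # constant term is the cluster sum, so P(0) = SUM. Lagrange interpolation
    # at 0 recovers it exactly; the individual readings stay hidden.
    total = Fraction(0)
    for xj, fj in received.items():
        term = Fraction(fj)
        for xk in seeds:
            if xk != xj:
                term *= Fraction(-xk, xj - xk)
        total += term
    return int(total)
```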
For economic viability, the water monitoring sensors can be used for several other purposes, such as water metering. A water supplier can collect utility data automatically through the wireless sensors for billing and/or analysis. In such a water sensor system, it is crucial to preserve not only the privacy but also the integrity of the collected data. We propose a novel method, SPDA (Secure and Privacy-preserving Data Aggregation), to address these challenges for additive aggregation functions such as sum, count, average, variance, and other moments of the measured data. In the SPDA scheme, we build node-disjoint aggregation trees that interweave with each other in a sensor network. Since a node belongs to only one aggregation tree, a malicious node can pollute the aggregation result of only that tree, so the base station can easily verify the integrity of the aggregation results. To preserve data privacy, a sensor hides its reading by slicing it into pieces and sends encrypted data slices to different aggregators within its vicinity. Upon receiving the pieces from sensor nodes, aggregators calculate the intermediate aggregate values and further aggregate them toward the base station along the disjoint trees. As long as each sensor node feeds the same input into the disjoint trees, the final aggregation results from two disjoint trees should be identical in the absence of node failure or packet loss. Therefore, both privacy and data integrity are preserved by SPDA while aggregation is carried out. To the best of our knowledge, this work is the first to address both security and privacy preservation of data aggregation in wireless sensor networks. The proposed SPDA scheme is lightweight in terms of computation and communication. Moreover, our scheme achieves almost 100% accuracy of the aggregation results in a reasonably dense network.
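The slicing and disjoint-tree cross-check described for SPDA, as an added example that is not the dissertation's own code: each sensor slices its reading into one random piece per aggregator of a tree, two node-disjoint trees each sum the slices they receive, and the base station accepts the result only when both trees agree. The aggregator names, slice ranges and the `tamper` hook (which simulates one polluting aggregator) are assumptions; encryption of the slices is omitted.

```python
import random

def slice_reading(value, n_slices, rng=None):
    """Split a private reading into n_slices random integers that sum to it.
    Each slice on its own is masked by random values its receiver does not know."""
    rng = rng or random.Random()
    parts = [rng.randrange(-10**6, 10**6) for _ in range(n_slices - 1)]
    parts.append(value - sum(parts))   # last slice fixes the total
    return parts

def aggregate_tree(readings, aggregators, rng=None, tamper=None):
    """One aggregation tree: every sensor sends one slice of its reading to
    each aggregator in the tree, each aggregator sums what it received, and
    the aggregator totals are summed on the way to the base station.
    tamper=(aggregator, offset) simulates a malicious node polluting its sum."""
    rng = rng or random.Random()
    totals = {a: 0 for a in aggregators}
    for value in readings:
        pieces = slice_reading(value, len(aggregators), rng)
        for agg, piece in zip(aggregators, pieces):
            totals[agg] += piece       # agg sees only this one slice per sensor
    if tamper is not None:
        totals[tamper[0]] += tamper[1]
    return sum(totals.values())

def base_station(readings, tree_a, tree_b, rng=None, tamper_b=None):
    """Feed the same readings into two node-disjoint trees and accept the sum
    only if both trees report the same value (no loss or failure assumed).
    A mismatch means at least one tree was polluted; the reading set itself
    never leaves the sensors unsliced."""
    assert not set(tree_a) & set(tree_b), "trees must be node-disjoint"
    result_a = aggregate_tree(readings, tree_a, rng)
    result_b = aggregate_tree(readings, tree_b, rng, tamper_b)
    ok = result_a == result_b
    return {"integrity_ok": ok, "sum": result_a if ok else None,
            "tree_a": result_a, "tree_b": result_b}
```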