Hindawi Publishing Corporation - Research Article …downloads.hindawi.com/journals/ijdsn/2013/843485.pdfSMART scheme. In iPDA, data privacy is achieved through data slicing and assembling

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2013, Article ID 843485, 11 pageshttp://dx.doi.org/10.1155/2013/843485

Research ArticleAn Energy-Efficient and Scalable Secure Data Aggregation forWireless Sensor Networks

Taochun Wang,1,2 Xiaolin Qin,1 and Liang Liu1

1 College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China2 College of Mathematics and Computer Science, Anhui Normal University, Wuhu, Anhui 241003, China

Correspondence should be addressed to Xiaolin Qin; [email protected]

Received 11 November 2013; Accepted 10 December 2013

Academic Editor: Fatos Xhafa

Copyright © 2013 Taochun Wang et al.This is an open access article distributed under the Creative Commons Attribution License,which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Due to the characteristics of resource-constrained and battery-powered sensors in wireless sensor networks (WSNs), energyconsumption is always a major concern. Data aggregation is an essential technique to reduce the communication overhead andenergy consumption. Since many applications require data privacy, we need to take security into consideration. In this paper, wepropose an energy-efficient, secure, highly accurate, and scalable scheme for data aggregation (EESSDA).Themain idea of EESSDAis that secure data aggregation is achieved by establishing secure channel and slicing technology.TheEESSDA scheme does not needencryption and decryption operations during the data aggregation, which saves energy and obtain high accuracy of aggregationresults. Meanwhile, in EESSDA scheme, the advanced deployment of shared information between nodes is not required, makingthe networks with good scalability. Our analysis and simulations show that EESSDA is of lower communication overhead, moreefficiency and accuracy, and better privacy preservation and scalability than existing schemes.

1. Introduction

Wireless sensor networks (WSNs) are composed of a largenumber of sensor nodes to cooperatively monitor physical orenvironmental conditions, such as temperature, humidity, ornoise, at different locations. WSNs have become increasinglypopular in many military and civilian applications [1–3], forexample, in the military field, identifying and locating targetsfor potential attacks through WSNs and in civilian field,tracking a patient’s blood pressure, blood sugar, heart rate,and so forth. via wearable sensors to monitor the patient’shealth.

Sensor nodes are usually constrained in energy, commu-nication, storage, and computation capability, especially theones powered by batteries which cannot be replaced option-ally. Therefore, it is requisite for WSNs to save energy andincrease network lifetime. In [4], a node consumes approxi-mately the same amount of energy to compute 800 instruc-tions as it does in sending a single bit of data. Hence, reducingthe amount of traffic is a crucial way to save energy. WSNsusually generate large amounts of raw data in which there

exists high redundancy. So, it is important to develop efficientdata processing technique to reduce redundant data and theamount of transmission. Data aggregation [5–10] is an effi-cient method to eliminate data redundancy and save energy.However, data are transmitted by multihop and wireless inWSNs, whichmakes the transmission of data be captured andeavesdropped easily by a malicious attacker. In many appli-cations, WSNs encounter some serious security problems, sothe scheme of data aggregation not only optimizes raw dataand reduces the amount of transmission for network, but alsokeeps the network at a high level of security.

Generally, security requirements of the privacy-preserv-ing data aggregation scheme can be satisfied using encryptiontechnology. Privacy-preserving data aggregation scheme isclassified into two types: hop-by-hop and end-to-end. In hop-by-hop fashion, aggregator nodes must decrypt all sensordata they receive, aggregate the sensor data according to thecorresponding aggregation function, and encrypt the aggre-gation result before sending it to next hop node [11–14].End-to-end privacy-preserving data aggregation scheme per-forms data aggregation through homomorphic encryption

2 International Journal of Distributed Sensor Networks

technology. One intermediate (cluster head) node receivesthe ciphertexts from leaf (cluster) nodes and then aggregatesthem with its own encrypted sensor data; the result willfinally be sent to a next node [15, 16]. Obviously, the aboveprivacy-preserving data aggregation scheme will cause greatlatency and energy consumption because of the decryp-tion/encryption process. In [17], a new privacy-preservingdata aggregation protocol was proposed. Sink shares a ran-dom number (key) with each sensor node. Then each sensornode simply adds its data up with the random numberand gets a pseudodata which will be aggregated along theaggregation tree to the Sink. Knowing all the shared numbers,Sink can get the real aggregation results with subtraction.However, a portion of the sensor nodes may not participatein the data aggregation due to collisions, which is hard to betracked by Sink. In that case, Sink still subtracts all the sharednumbers from a pseudoaggregation result, whichmight yieldthe aggregation results with large deviations.

In this paper, we propose a secure, energy-efficient,scalable, and highly accurate scheme for data aggregation(EESSDA). In EESSDA, a secure channel is establishedbetween each sensor and its neighbor (i.e., the two sensorsshare a common random number) for transmitting messagewithout encrypting private data. Considering that the leafnodes’ data will be disclosed to intermediate nodes, inEESSDA, a technology similar to SMART in [11] (each nodeslices its private data randomly into 𝐽 pieces, one kept foritself and the remaining encrypted and sent to its neighboringnodes) is adopted. Different from SMART, our method canovercome the above mentioned disclosure just using theleaf nodes’ data and will consume much less amount oftraffic because only the leaf nodes need to decompose theirdata into slices, and intermediate nodes only need to sendone message for data aggregation. In conclusion, EESSDArequires no encryption/decryption operations and reducesthe amount of traffic. Therefore, EESSDA has high accuracyof the aggregation results, since it involves less collision andno case like Sink subtracting the randomnumber of the failednode appeared in [17]. In addition, because EESSDA doesnot require deploying shared common information betweennodes in advance, the network has good scalability, whichis essential for the cheap sensor with easy loss. Theoreticalanalysis and simulation results demonstrate that EESSDAexhibits an excellent performance in terms of security, energyefficiency, accuracy, and scalability.

Our contributions in this paper are as follows. (1)Privacy:EESSDA provides end-to-end data confidentiality by the useof secure channel and “slicing and assembling” technology onleaf nodes. (2) Energy efficiency: EESSDA does not requirethe encryption/decryption in processing of data aggregation,which economizes on energy consumption and latency. Onthe other hand, only the leaf nodes need to process “slicingand assembling,” so EESSDA greatly reduces the amount oftraffic and consumption of energy. (3) Accuracy: EESSDAreduces the amount of traffic and the latency of time anddoes not need encryption/decryption, which can improve theaccuracy of the aggregation because data packets have lesschance to collide. (4) Scalability: in EESSDA scheme, eachnode only needs to predistribute 𝑘 keys randomly drawn from

the key-pool, making the network have good scalability andmore suitable for the dynamic network.

The rest of the paper is organized as follows. In Section 2,we overview some related works on secure data aggregation.Section 3 introduces the network model and design goals. InSection 4, we give the detailed descriptions of our schemeEESSDA and analysis of its scalability. Section 5 evaluatesand simulates the proposed schemes of EESSDA. Finally, wesummarize our conclusions in Section 6.

2. Related Work

In typical WSNs, sensor nodes are usually resource-con-strained and battery-limited. There has been extensive workon data aggregation schemes to increase the lifetime ofWSNsby reducing the amount of traffic and resource consumption.However, these aggregation schemes have been designedwithout security inmind. In practice,WSNsmay be deployedin an untrusted environment in many applications, such asbattlefield, where an adversary may compromise nodes andreveal sensitive information. Hence, privacy-preserving is akey technology to extend the application ofWSNs.The securedata aggregation is becoming a new hot research topic inWSNs [11–16, 18].

Several secure data aggregation schemes have been pro-posed based on hop-by-hop encryption mechanism. In [12],SDAP was proposed based on the principle of divide-and-conquer and commitment-and-attest. First, SDAP dynami-cally partitions the topology tree into multiple logical groups(subtrees) of similar sizes using a probabilistic approach. Acommitment-based hop-by-hop aggregation is performed ineach group to generate a group of aggregation results, whichis the criteria for the base station to determine whether thegroup is suspicious. In [11], the authors proposed two privacy-preserving data aggregation schemes, CPDA and SMART, foradditive aggregation. The CPDA scheme leverages algebraicproperties of polynomials to calculate the desired aggregatevalue. The SMART scheme builds on slicing techniques andthe associative property of addition. In [13], the iPDA schemewas proposed to improve the integrity of the data based on theSMART scheme. In iPDA, data privacy is achieved throughdata slicing and assembling technique; and data integrity isachieved through redundancy by constructing two disjointaggregation trees to collect data of interests. However, theiPDAhas high communication overhead and low aggregationaccuracy due to the slicing technology and each sensor nodehas to send its data to both aggregation trees. EEHA [14] pre-serves data privacy like SMART scheme, in which the nodesare divided into leaf nodes and intermediate nodes. In EEHA,only leaf nodes utilize slicing and assembling technology topreserve data privacy, and intermediate nodes only aggregatetheir private data, data pieces received from leaf nodes anddata from child nodes into a new aggregated data to protectthe privacy of its private data. Hence, compared with SMARTscheme, EEHA scheme has less communication and higherdata accuracy.

The schemes in [15, 16] utilize privacy homomorphicencryption to allow aggregation of encrypted data. In CDA

International Journal of Distributed Sensor Networks 3

[15], each sensor node splits its data into 𝑑 parts (𝑑 ≥ 2),encrypts them by using a public key, and transmits them tothe aggregator node. The aggregator node operates on theciphertext, computes an aggregated value from the ciphertext,and sends it to the sink. IPHCDA scheme [16] employs anelliptic curve cryptography-based homomorphic encryptionalgorithm to offer data confidentiality along with hierarchicaldata aggregation. IPHCDA scheme partitions the networkinto several regions and employs a different public key ineach region. Data aggregators perform aggregation over theencrypted data and transmit the aggregated data to the basestation.Thebase station not only classifies the aggregated databased on the encryption keys, but also achieves data integritythrough verifying the MAC of the aggregated data.

Besides, in KIPDA [18] scheme, the authors proposeda noncryptographic method which obfuscates data by hid-ing them among a set of camouflage values, enabling 𝑘-indistinguishability for data aggregation. KIPDA defines amessage set consisting of the actual data and camouflagevalues forMIN/MAXaggregation.Themessage set is an arrayof values, where the actual data and camouflage values areassigned cleverly to specific positions in the array accordingto predefined policies that guarantee 100% accuracy of theaggregation, while the attacker cannot distinguish betweenthe actual data and camouflage values. Because the data arenot encrypted, it is easily and efficiently aggregated withminimal in-network processing delay, but the level of privacyis relatively low.

3. System Model

3.1. Network Model. WSNs are composed of a large numberof resource-constrained sensors, equippedwith nonrecharge-able batteries.We use the tree structure to organize sensors toperform the task of data aggregation, as shown in Figure 1.There are three types of nodes in the sensor network: theSink, intermediate nodes, and leaf nodes. The Sink is thenode where aggregation result is destined. The intermediatenodes serve as aggregator nodes, which are responsible forforwarding queries, aggregating the received data and itsown data, and sending the aggregation to their parent nodes.The leaf nodes utilize the “slicing and assembling” techniqueto protect data privacy by decomposing their private datainto pieces, sending the pieces to neighboring nodes, andassembling their piece and the pieces they received to get newresults which will be sent to their parent. Typical aggregationfunctions include SUM, AVERAGE, COUNT, MAX, andMIN. We focus on additive aggregation functions becauseall the typical aggregation functions can be reduced to theadditive aggregation function SUM [17].

3.2. Attack Model and Design Goals

3.2.1. AttackModel. Amalicious attacker can launch a varietyof attacks to undermine the data security. We considerthe following two cases. (1) Eavesdropping attack: BecauseWSNs transmit message through wireless communication,the attacker can overhear the transmission to obtain private

Sink

Intermediate nodeLeaf node

Figure 1: Network model for data aggregation.

information. Eavesdropping attack is the most common andeasiest form of attack on data privacy, which is the focusof this paper. We assume the attacker can eavesdrop onthe entire network. (2) Compromising sensor nodes: Aftercompromising one or more sensor nodes, an adversary canobtain its data and keys and perform the following attacks.Firstly, an adversary use the keys obtained fromcompromisednodes to decrypt the ciphertext of private data sent by othernode(s). Secondly, an adversary utilizes several colludingcompromised nodes to collect and infer private data of othernode(s).

3.2.2. Design Goals. Themain goal of secure data aggregationscheme is to maintain data privacy for each node in theWSNs. Meanwhile, the scheme must consider the perfor-mance of efficiency, accuracy, and scalability. Therefore, adesired secure data aggregation should meet the followingcriteria.

(1) Privacy: to broaden the area of WSNs’ applications,data aggregation must guarantee the privacy of data.Each node should only know its own data. However,the wireless link is vulnerable to eavesdropping byattackers to reveal private data. Furthermore, somecompromised nodes may collude to uncover theprivate data of other nodes. A good secure dataaggregation scheme should be robust to such attacks.

(2) Efficiency: the goal of data aggregation is to reduce theamount of messages transmitted within the WSNs byusing in-network processing to eliminate redundantdata and thus reducing resource and energy usage.To protect the privacy of data, additional overheadis unavoidable in secure data aggregation. However,a good private data aggregation scheme should keepthe overhead as little as possible.

(3) Accuracy: data aggregation results may be used tomake critical decisions in the WSNs, so the accuracyof the aggregation results must be guaranteed duringthe process of data aggregation. Therefore, accuracyshould be a crucial criterion to estimate the perfor-mance of secure data aggregation schemes.


(4) Scalability: the cheap sensor nodes are prone to fail,which makes WSNs dynamic in network topology.When some nodes fail or new nodes are deployed, it isvery necessary for the secure data aggregation schemeto continue to be implemented correctly. A goodsecure data aggregation scheme needs to have easyscalability.

3.3. Key Setup for Security Channel. Neighboring nodesestablish a secure channel with encryption technology. In thispaper, key management adopts a random key distributionmechanism proposed in [19].The key distribution consists ofthree phases. (1) Key predistribution: a large key-pool of 𝐾keys and their corresponding identities are generated. Eachnode within the WSNs randomly selected 𝑘 keys from thekey-pool. These 𝑘 keys form a key ring for a sensor node.(2) Shared-key discovery: each sensor node finds out whichneighbors share a common key with itself by exchangingdiscovery messages. If two neighboring nodes share a com-mon key then there is a secure link between them. (3) Path-key establishment: if two neighboring nodes do not share acommon key, their secure link is established by two or moremultihop.

In the random key distribution mechanism, the prob-ability that any pair of neighboring nodes possess at leastone common key is 𝑝connect. When two neighboring nodestransmit the encrypted message by their common key, theprobability that a third node possesses the same key is𝑝overhear. Details can be seen in the following formula:

𝑝connect = 1 −((𝐾 − 𝑘)!)

2

(𝐾 − 2𝑘)!𝐾!, 𝑝overhear =

𝑘

𝐾. (1)

4. Energy-Efficient and Scalable Secure DataAggregation (EESSDA) Scheme

In this section, we present the detail of our proposed securedata aggregation scheme which is energy-efficient, scalable,and highly accurate. The EESSDA scheme consists of fivesteps: (1) aggregation tree construction; (2) secure channelestablishment; (3) slicing; (4) assembling andmixing; and (5)aggregation. Because of the dynamic nature of WSNs, thissection also describes how to deploy new nodes or handlefailed nodes.

4.1. Secure Data Aggregation. The scheme consists of fivesteps, whose detailed procedures are listed as follows.

Step 1 (aggregation tree construction). A common techniquefor data aggregation is constructing an aggregation tree.There are various methods for building an aggregationtree. We construct the aggregation tree using the methoddescribed in TAG [10]. The network is organized as a treerooted at the Sink node, and each sensor node has a shortestrouting path to the Sink. Meanwhile, all parent-child nodesat least share a common key by setting conditions of pathselection during constructing aggregation tree, as shown inFigure 2.

Sink

S1S2

S3

S4

S5S6

S7

S8S9

Figure 2: Aggregation tree construction.

Step 2 (secure channel establishment). Aggregation tree iscomposed of intermediate nodes and leaf nodes.

(1) Intermediate nodes: each intermediate node estab-lishes a secure channel with its parent or child node;that is, every pair of parent-child nodes shares acommon secret random number. For example, node𝑆𝑖establishes a secure channel with its parent node

𝑆𝑗. 𝑆𝑖selects a random number 𝑑

𝑖𝑗, encrypts 𝑑

𝑖𝑗using

its shared key 𝑘𝑖𝑗with 𝑆

𝑗, and then sends the result to

𝑆𝑗. 𝑆𝑗receives the encrypted data and gets the random

number𝑑𝑖𝑗by decrypting the data using its shared key

𝑘𝑖𝑗. Thus 𝑑

𝑖𝑗is the secure channel between 𝑆

𝑖and 𝑆𝑗,

where 𝑑𝑖𝑗= 𝑑𝑗𝑖.

(2) Leaf nodes: each leaf node establishes a secure chan-nel with its parent node. In addition, each leaf nodeestablishes secure channel with its neighbors or nodeswithin h-hop which at least share a common keywith it.

After the establishment of secure channel, sensor nodetransmits data (including sensing data, aggregate results,slice) through secure channel.The node adds data upwith therandom number (secure channel) and then send the pseudo-data to the destination node. The destination node gets thereal data after subtracting the random number. For example,𝑆5sends the slice V

51to 𝑆1, the specific process: 𝑆

5→ 𝑆1:

𝑑𝑠51

= V51+ 𝑑51MOD 𝑟, and 𝑆

1gets V

51by V51

= 𝑑𝑠51−

𝑑51MOD 𝑟.

Step 3 (slicing). Because the leaf nodes contain only its owndata, each leaf node ensures the confidentiality of its data byslicing data into pieces before sending data to its parent node.We adopt the slicing technique similar to that of the SMART[11]. Each leaf node 𝑆

𝑖slices its primitive data V

𝑖randomly into

𝐽 pieces based on the number of its secure channels; that is,V𝑖= ∑𝐽

𝑗=1V𝑖𝑗, where V

𝑖𝑗is denoted as a piece of data sent from

node 𝑆𝑖to node 𝑆

𝑗. If there is no data from node 𝑆

𝑖to node 𝑆

𝑗,

V𝑖𝑗= 0.Figure 3 describes the slicing step, where one of the 𝐽

pieces is kept at node 𝑆𝑖itself, the remaining 𝐽 − 1 pieces

are sent to the neighbors of 𝑆𝑖(we take ℎ = 1 here) through

secure channel. For example, leaf 𝑆8slices its data V

8randomly

into 3 pieces, and then 𝑆8keeps V

88and uses secure channel

to send the remaining 2 pieces to neighbor nodes 𝑆7and 𝑆9,

respectively, in its neighbor nodes set {𝑆2, 𝑆3, 𝑆6, 𝑆7, 𝑆9}; that


Sink

S1

S4

S2S3

�44�45

�54

�55

�51

�65

�66�67

�68

�76 �78�87

�88

�89

�98

�99

�93

�77

S5

S6

S7

S8

S9

Figure 3: Slicing.

is, 𝑆8→ 𝑆7: V87+ 𝑑87MOD 𝑟, 𝑆

8→ 𝑆9: V89+ 𝑑89MOD 𝑟,

where 𝑟 is the range of possible aggregation values.

Step 4 (assembling and mixing). First, all nodes wait forcertain time Δ𝑡, which guarantees that all slices are received.Then, each leaf 𝑆

𝑖aggregates up all the received slices and the

slice left by itself to get a new result 𝑛V𝑖. In Figure 3, we obtain

all leaf nodes mixing result as follows:

𝑛V4= V44+ V54MOD 𝑟,

𝑛V5= V45+ V55+ V65MOD 𝑟,

𝑛V6= V66+ V76MOD 𝑟,

𝑛V7= V67+ V77+ V87MOD 𝑟,

𝑛V8= V68+ V78+ V88+ V98MOD 𝑟,

𝑛V9= V89+ V99MOD 𝑟.

(2)

Step 5 (aggregation). After a leaf node mixes up the receivedslices to get a new result, it sends the new result to its parentthrough secure channel. The intermediate nodes receive newresults 𝑛V

𝑖sent by their children nodes and may also receive

slices V𝑖𝑗sent by leaves. Once an intermediate node has got

all data from its child nodes or leaf nodes, it performs anaggregation operation to get a new result and forwards thenew result to its parent by secure channel, which in turnforwards the aggregation result along the tree. Eventually theaggregation result reaches the Sink.

For example, 𝑆2receives mixing results 𝑑V

6(𝑆4) and

𝑑V7(𝑆5) and gets 𝑛V

4and 𝑛V

5by subtracting random numbers

𝑑24, 𝑑25(secure channel), respectively.Then, 𝑆

2aggregates all

the data (including its own private data) and gets a new result.(𝑛V2= 𝑛V4+ 𝑛V5+ V2MOD 𝑟). Finally, 𝑆

2sends the result to

Sink by secure channel (𝑑25); that is, 𝑆

2→ Sink : 𝑑V

2= 𝑛V2+

𝑑2𝑆MOD 𝑟, as shown in Figure 3.Algorithm 1 illustrates the 3-step process of 𝑆

1in Figure 3.

4.2. Aggregation Algorithm. The pseudocode of EESSDA forevery node is described in Algorithm 2.

We propose an energy-efficient and scalable secure dataaggregation algorithm, described in Algorithm 2. It basically

is composed of three phases. The first phase (lines 1–4) is thepredeployment stage, including construction of aggregationtree (line 1) and establishment of secure channel (lines 2–4). The second phase (lines 5–9) is slicing-mixing operation,in which we enumerate all leaf nodes by one loop. Each leafnode slices its primitive data (line 6), mixes (line 7) all thereceived slices (include itself slice), and sends mixing result𝑛V to its parent node (line 8). The third phase (lines 10–17) is data aggregation operation. Each intermediate nodeperforms mixing operation and aggregation operation byone loop. Firstly, intermediate node mixes all receive slicesfrom leaf nodes (lines 11–13); secondly, intermediate nodeaggregates all data from its child nodes; finally, intermediatenode sends aggregation result to its parent node (line 15).Intermediate nodes in turn forward the aggregation resultalong the tree. Eventually the aggregation result reaches theSink, and EESSDA algorithm is completed.

4.3. Scalability. Because of the dynamic nature of WSNs,the network may need to deploy new nodes. In existingaggregation or query schemes, when a new node is deployed,the network needs to distribute some shared informationbetween the new node and Sink/parent node/root node ofsubtree in advance. The network expansion is very difficult.On the other hand, when there are some failed nodes inWSNs, aggregation scheme needs to ensure that the networkstill performs aggregation correctly. So our proposed schemeEESSDAhas good scalability, which can be described in detailas follows.

(1) Deploying new nodes. When it is deployed into thenetwork, a new node 𝑆

𝑖establishes secure channels

with its neighbors which at least share one commonkey with it. And then, 𝑆

𝑖selects the node 𝑆

𝑗with

the smallest number of hops from neighbor nodesset as its parent node. 𝑆

𝑖is successfully deployed,

and it becomes a leaf node in the network. WSNsreconstruct the aggregation tree based on the numberof the deployed new nodes or time interval.

(2) Failed nodes. When the parent of node 𝑆𝑖fails after a

certain time, 𝑆𝑖will mark its parent as a failed node

and select a new parent node from its neighbors. Thesame as above, 𝑆

𝑖selects a neighbor node as its parent

node which has the secure channel with 𝑆𝑖and the

smallest number of hops. Meanwhile, 𝑆𝑖updates its

own number of hops, and broadcasts a request to itschild nodes to modify hop number. When the totalnumber of failed nodes is small, the network still canwork properly.

5. Simulation and Performance Analysis

In this section, we evaluate the performance of EESSDAthrough theoretical analysis and simulation study, includingcommunication overhead, computation overhead, energyefficiency, accuracy, and privacy-preservation. Based on thesimulator ofWSNs in [20], we use C# andMATLAB to imple-ment a simulator in order to simulate executing EESSDA andSMART schemes. We implemented these two schemes using


(1) ReceivingChild nodes: 𝑑V

4= 𝑛V4+ 𝑑41MOD 𝑟

𝑑V5= 𝑛V5+ 𝑑51MOD 𝑟

Leaf nodes slices: 𝑑𝑠51= V51+ 𝑑51MOD 𝑟

(2) Aggregation𝑛V1= (𝑑V

4− 𝑑41) + (𝑑V

5− 𝑑51) + (𝑑𝑠

51− 𝑑51) + V1MOD 𝑟

(3) Transmission𝑆1→ Sink: 𝑑V

1= 𝑛V1+ 𝑑1𝑆MOD 𝑟

Algorithm 1: Illustration of the three steps in EESSDA.

(1) Construct an aggregation tree on top of TAG;(2) Ensure that all parent-child nodes share a common key;(3) Set waiting time Δ𝑡;(4) Establish secure channel;(5) foreach leaf node 𝑆

𝑖do

(6) perform slicing operation and wait;(7) perform mixing operation and get new result 𝑛V

𝑖;

(8) send 𝑛V𝑖to its parent node;

(9) end for(10) foreach intermediate node 𝑆

𝑗do

(11) if receives slice from leaf node then(12) perform mixing operation(13) end if(14) if receives all child nodes data or time elapsed then(15) perform aggregate operation and send aggregation result 𝑛V

𝑗to its parent node;

(16) end if(17) end for

Algorithm 2: EESSDA algorithm.

a real world data set from Intel Lab Data [21] to comparetheir performance of communication overhead, computationoverhead, energy efficiency, accuracy, privacy-preservationand so on.

5.1. Simulation Setting. The simulation runs on a PC withCore i3-3220CPU, 4G memory, and Win 7OS. We assumenetworks with 400 sensor nodes. These nodes are randomlydeployed over a 400 × 400m2 area. The transmission rangeof a sensor node is 50m and data rate is 1Mbps. Accordingto [18], as far as TelosB Mote is concerned, the energy usedto transmit and receive 1 bit of data are 𝑒

𝑇= 0.72 𝜇J and

𝑒𝑅= 0.81 𝜇J, respectively, and encrypt/decrypt 10 bit of data

is 8.92 𝜇J use RC4. Each point in the figure is the averageresult of 20 runs of the simulation. In each run, one randomlygenerated WSNs topology is used.

5.2. Communication Overhead and Energy Consumption

5.2.1. Communication Overhead. The communication over-head of EESSDA consists of two parts: 𝑇sc, the establishmentof secure channels, and 𝑇data, data transmission. When node𝑆𝑖with node 𝑆

𝑗establishes a secure channel, 𝑆

𝑖needs to

send an encrypted random number and receive an ACK

form node 𝑆𝑗. The encrypted data and ACK are of 𝑒 bits

and 1 bit, respectively. On the average, each node buildssecure channels with 𝑛𝑛

𝑖neighbor nodes. Because the secure

channel is bidirectional, we thus have

𝑇sc =1

2

𝑁

∑

𝑖=1

(𝑒 + 1) ∗ 𝑛𝑛𝑖. (3)

In EESSDA, the behavior of leaf nodes is not similarwith that of the intermediate nodes. (1) Intermediate node:it receives all data form its child nodes or leaf nodes and thenperforms an aggregation operation with itself data to get anew aggregation result and sends the result to its parent. Wesuppose the reading at node is in range [0, 𝑅

𝑑], so the data

transferred through secure channel is of ⌈log(𝑅𝑑∗𝑁)⌉ bits. (2)

Leaf node: it slices its data into 𝐽 pieces and send 𝐽−1 piece toneighboring nodes. We consider the network with 𝑁 sensornodes and the percentage of leaf nodes of the aggregation treeis 𝛼. Then we have

𝑇data = (1 − 𝛼) ∗ ⌈log (𝑅𝑑 ∗ 𝑁)⌉ + 𝛼 ∗ ⌈log (𝑅𝑑 ∗ 𝑁)⌉ ∗ 𝐽.(4)

To improve level of security, each period, EESSDA reestab-lishes secure channels. We assume performing 𝛽 runs data


aggregation during each period. Therefore, the communica-tion overhead with each run is listed as follows:

𝑇 =1

𝛽(𝑇sc + 𝛽 ∗ 𝑇data) . (5)

In our experiments, we implemented EESSDA andSMART on the same already constructed aggregation tree.In SMART, each node needs to send 𝐽 messages for securedata aggregation (𝐽 − 1 messages during the slicing stepand then one message for data aggregation). Hence, thecommunication overhead of SMART is 𝑁 ∗ 𝐽 ∗ 𝑒. Figure 4shows the communication overhead of EESSDA and SMART(𝐽 = 3, 𝛽 = 3) under different epoch durations. FromFigure 4, we can see that EESSDA decreases 20% communi-cation overhead compared with SMART; moreover, if 𝐽 and𝛽 are constant, the larger 𝛼 is, the larger ratio of decreasing is.When𝛽 = 3, with the increase of 𝐽, communication overheadof EESSDA has more decrease than SMART, up to 27% asshown in Figure 5. Figure 6 illustrates the communicationoverhead of EESSDA and SMART with respect to 𝛽(𝐽 =

3), we can conclude that EESSDA is more efficient than theSMART (except as 𝛽 = 1, namely, each run data aggregationbefore the scheme establishes secure channels), and as 𝛽increases, the communication overhead of scheme is reducedon each run.

5.2.2. Energy Consumption. Energy consumption involvestwo aspects: communication and computation. Computa-tion involves encryption/decryption operations and modulararithmetic operations. Encryption/decryption is much moreenergy consuming than modular arithmetic. Therefore, weonly consider the cost of encryption/decryption computa-tion. Figure 7 shows that EESSDA saves 45% energy com-paredwith SMART. In EESSDA, encryption/decryption com-putations only occur during the secure channel establishmentstep. Each secure channel needs to perform encryption anddecryption computation once; that is, Numdec = Numenc =

1/2∑𝑁

𝑖=1𝑛𝑛𝑖. For the SMART scheme, each transmission of

data needs to compute encryption and decryption computa-tion each once, so the number of encryption and decryptionis Numdec = Numenc = 𝑁 ∗ 𝐽. Therefore, SMART is muchmore energyconsuming than EESSDA. With the increase of𝐽, SMART would perform more encryption and decryptionand consume more energy, as shown in Figure 8. FromFigure 9, we can see that EESSDA consumesmuch less energycompared with SMART, especially when the value of 𝛽 islarge. So EESSDA can greatly increase network lifetime thanSMART.

5.3. Privacy. To preserve the privacy of data during dataaggregation, the primitive data produced by the sensor nodesmust not be disclosed to the neighbor nodes or attackers. Toaddress privacy, SMART adopts the “slicing and assembling”and encryption technique, in which nodes divide their prim-itive data into several pieces, send encrypted data pieces toneighbor nodes, and aggregate the received data from its childnodes or neighbor nodes, and then routes the aggregatedresult to the Sink. Our EESSDA scheme utilizes “secure

0 10 20 30 40 504

6

8

10

12

Epoch duration (s)

Com

mun

icat

ion

over

head

(bits

)

EESSDASMART

×105

Figure 4: Comparison of EESSDA and SMART (𝐽 = 3, 𝛽 = 3).

0 10 20 30 40 504

6

8

10

12

Epoch duration (s)

Com

mun

icat

ion

over

head

(bits

)

EESSDASMART

×105

Figure 5: Communication overhead with respect to 𝐽(𝛽 = 3).

channel” to ensure that the data will not be disclosed to othernodes or attackers. In EESSDA, the schemes used to ensuredata privacy are different for leaf nodes and intermediatenodes. For leaf nodes, we utilize the “slicing and assem-bling” technique mentioned above. For intermediate nodes,it aggregates the received data and its own data to concealthe primitive data. So the data produced by the intermediatenodes are not disclosed to their parent node. First, we evaluatethe privacy of secure channel. And then we analyze theprivacy of leaf nodes and intermediate nodes, respectively.

(1) Secure channel: a secure channel is a common ran-dom number which is shared by two nodes. Thereare two situations under which random number isrevealed. (1) A compromised neighbor node holds acommunication key and is able to decrypt the randomnumber. From [11], we can see that the probability thatthe node has the communication key by its key ring is


2 3 4 50.4

0.8

1.2

1.6

Com

mun

icat

ion

over

head

(bits

)

×106

J

EESSDASMART

Figure 6: Communication overhead with respect to 𝛽(𝐽 = 3).

1 2 3 4 5 6 7 8 94

6

8

10

12

14

Com

mun

icat

ion

over

head

(bits

)

×105

𝛽

EESSDASMART

Figure 7: Energy consumption comparison for EESSDA andSMART (𝐽 = 3, 𝛽 = 3).

𝑝 = 𝑘/𝐾. Meanwhile, after the end of each period,EESSDA reestablishes secure channels to improvelevel of security. (2) Guessing the random number:because the random number of 𝑑

𝑖𝑗is uniformly

distributed in the range [0, 𝑟], the probability ofcorrectly guessing the random number is 1/𝑟, where𝑟 = 𝑅𝑑∗ 𝑁. Because 𝑑

𝑖𝑗is uniformly distributed, V

𝑖+

𝑑𝑖𝑗MOD 𝑟 is also uniformly distributed in the range

[0, 𝑟]. Therefore, when node 𝑆𝑖sends data to node 𝑆

through secure channel, the attacker cannot infer V𝑖

by eavesdropping. So the probability that the randomnumber is leaked is 𝑃

𝑟= min(𝜎 ∗ 𝑝 ∗ 𝑛

𝑛𝑏, 𝑟), where

𝑛𝑛𝑏

is the average number of compromised neighbornodes and 𝜎 is a security coefficient for different runsdata aggregation during each period.

0 10 20 30 40 50500

700

900

1100

1300

1500

Epoch duration (s)

Ener

gy (m

J)

EESSDASMART

Figure 8: Energy consumption with respect to 𝐽(𝛽 = 3).

2 3 4 5400

800

1200

1600

2000

2400En

ergy

(mJ)

J

EESSDASMART

Figure 9: Energy consumption with respect to 𝛽(𝐽 = 3).

(2) Leaf node: leaf node 𝑆𝑖slices the primitive data V

𝑖

into 𝐽 pieces and sends 𝐽 − 1 piece to its neighborsthrough secure channel.The probability of the leak ofeach piece V

𝑖𝑗is 𝑃𝑟. Only if an attacker breaks 𝐽 − 1

outgoing data and 𝑛V𝑖of node 𝑆

𝑖, it will be able to

crack the primitive data held by 𝑆𝑖. The probability

that an attacker breaks 𝐽 − 1 pieces data is 𝑃𝐽−1𝑟

basedon the above safety analysis of secure channel. Thevalue of 𝑛V

𝑖is aggregated by the 𝐽th piece data and all

pieces data from other leaf nodes, so the probabilityof the leak of 𝑛V

𝑖is 𝑃𝑤+1𝑟

, where 𝑤 is the number ofpieces sent to node 𝑆

𝑖. 𝑃𝑙measures the performance

of the privacy preservation of a leaf node, so 𝑃𝑙can be

approximated by

𝑃𝑙= 𝑃𝐽−1

𝑟∗ 𝑃𝑤+1

𝑟= 𝑃𝐽+𝑤

𝑟. (6)


(3) Intermediate node: the intermediate node 𝑆𝑖receives

data sent by its children nodes or leaf nodes, aggre-gates these data and its sensor data, and then sends theaggregation result to parent. Only if attacker breaksall incoming data of a node 𝑆

𝑖and aggregation result

𝑛V𝑖of 𝑆𝑖will it be able to crack the sensor data

of 𝑆𝑖. 𝑃𝑚

measures the performance of the privacypreservation of an intermediate node. Consequently,𝑃𝑚is estimated as

𝑃𝑚= 𝑃𝑛child𝑟

∗ 𝑃𝑤+1

𝑟= 𝑃𝑛child+𝑤+1𝑟

, (7)

where 𝑛child is the number of child nodes.

Figure 10 compares the privacy preservation performancefor EESSDA and SMART (𝐽 = 3, 𝛽 = 3), we can see thatthe two schemes have good privacy. Figure 11 illustrates theprivacy preservation with respect to 𝐽(𝛽 = 3), we canconclude that the larger value of 𝐽 (the number of sliceseach leaf node chooses to decompose its primitive data),the better privacy can be achieved. But a larger 𝐽 will alsoyield a larger communication overhead. Therefore, althoughboth EESSDA and SMART can achieve considerable pri-vacy, the former has less communication overhead andenergy consumption. We can achieve a better balance thanSMART between privacy preservation and communicationoverhead/energy consumption by setting different value of 𝛽.

5.4. Aggregation Accuracy. In ideal situations when there isno data loss in the network, the scheme should get 100%accurate aggregation results. However, due to collisions overwireless channels, data processing delays and then data mayget lost or delayed. So the aggregation accuracy may be lowerthan it is in the ideal situation.We define the accuracy metricas the ratio between the aggregation result and real result ofall individual sensor nodes. This paper focuses on additiveaggregation function, we thus have

𝑝𝑐=Aggregation result

∑𝑁

𝑖=1𝑑𝑖

. (8)

Figure 12 shows the accuracy of EESSDA and SMART(𝐽 = 3) with respect to epoch duration. From the figure wecan see that the accuracy increases as the epoch durationincreases. There are two reasons contributing to this [11]:(1) with longer epoch duration, the data packets to be sentwithin this duration will have less chance to collide; (2) withlonger epoch duration, the data packets will have a betterchance of being deliveredwithin the deadline.Meanwhile, theEESSDA has better accuracy than SMART, especially whenthe epoch duration is small. That is because SMART schemespends a lot of time for encryption/decryption operations,while EESSDA does not need encryption/decryption oper-ations during the data aggregation. Therefore, the chanceof occurring collisions is decreased, and the probabilityof being delivered within the deadline is increased, whichcauses an improvement of aggregation accuracy. Figure 13illustrates the aggregation accuracy of EESSDA with respectto the selection of 𝐽. We can conclude that the accuracy

1 2 3 4 5 6 7 8 9400

700

1000

1300

1600

Ener

gy (m

J)

𝛽

EESSDASMART

Figure 10: Privacy preservation comparisons for EESSDA andSMART (𝐽 = 3, 𝛽 = 3).

0.02 0.04 0.06 0.08 0.10

0.001

0.002

0.003

0.004

0.005

Probability that link level privacy is broken

Disc

lose

d pr

ivat

e dat

a (%

)

EESSDASMART

Figure 11: Privacy preservation with respect to 𝐽(𝛽 = 3).

of EESSDA is not sensitive to 𝐽. However, with larger thevalue of 𝐽, there is a slightly decrease in the aggregationaccuracy. This is mainly because when a data is sliced intomore pieces, more data packets are needed to be sent to otherneighboring nodes. Hence, more collisions occur, whichcauses a reduction of aggregation accuracy.

6. Conclusions

Providing efficient and privacy-preserving, data aggregationis a challenging problem in WSNs. We propose EESSDAscheme for secure data aggregation in WSNs. Differentfrom general data aggregation that preserves data privacyby encryption technology, EESSDA achieves data privacythrough secure channel. Because EESSDA does not need


0.02 0.04 0.06 0.08 0.10

0.001

0.002

0.003

0.004

0.005

Disc

lose

d pr

ivat

e dat

a (%

)

Probability that link level privacy is broken

J = 2

J = 3

J = 4

J = 5

Figure 12: Accuracy comparison of EESSDA and SMART (𝐽 = 3).

0 10 20 30 40 500

0.2

0.4

0.6

0.8

1

Epoch duration (s)

Accu

racy

EESSDASMART

Figure 13: Accuracy of EESSDA with respect to 𝐽.

encryption/decryption operations during the data aggrega-tion, it saves much energy for encryption/decryption oper-ations, reduces the time of data processing, and consequentlyleads to improvement of aggregation accuracy. In addition,EESSDA can ensure that the network aggregates correctlywhen deploying new nodes or having few failed nodes.So EESSDA scheme has good scalability. We compare theperformance of EESSDA and SMART, simulation resultsshow that EESSDA scheme decreases 20% or more commu-nication overhead and 40% energy consumption comparedwith SMART. And our scheme provides higher aggregationaccuracy and scalability than SMART scheme.

Acknowledgments

This work is supported by the National Natural ScienceFoundation of China (61373015, 61370050), the ResearchFund for the Doctoral Program of High Education of China(no. 20103218110017), a project funded by the Priority Aca-demic Program Development of Jiangsu Higher EducationInstitutions (PAPD), and the Fundamental Research Fundsfor the Central Universities, NUAA (nos. NP2013307 andNZ2013306).

References

[1] D. Culler, D. Estrin, and M. Srivastava, “Overview of sensornetworks,” IEEE Computer, vol. 37, no. 8, pp. 41–49, 2004.

[2] N. Xu, S. Rangwala, K. K. Chintalapudi et al., “A wireless sensornetwork for structural monitoring,” in Proceedings of the 2ndInternational Conference on Embedded Networked Sensor Sys-tems (SenSys ’04), pp. 13–24, ACM, November 2004.

[3] F. L. Lewis, “Wireless sensor networks,” in Smart Environments:Technologies, Protocols, and Applications, pp. 11–46, 2004.

[4] R. Szewczyk and A. Ferencz, Energy Implications of NetworkSensor Designs, Berkeley wireless Research Center Report,Berkeley, Calif, USA, 2000.

[5] K. Akkaya, M. Demirbas, and R. S. Aygun, “The impact of dataaggregation on the performance of wireless sensor networks,”Wireless Communications and Mobile Computing, vol. 8, no. 2,pp. 171–193, 2008.

[6] D. Estrin, R. Govindan, J. Heidemann et al., “Next century chal-lenges: scalable coordination in sensor networks,” inProceedingsof the 5thAnnualACM/IEEE International Conference onMobileComputing and Networking, pp. 263–270, ACM, 1999.

[7] J. Heidemann, F. Silva, C. Intanagonwiwat, R. Govindan, D.Estrin, and D. Ganesan, “Building efficient wireless sensornetworks with low-level naming,” ACM SIGOPS OperatingSystems Review, vol. 35, no. 5, pp. 146–159, 2001.

[8] L.Krishnamachari,D. Estrin, and S.Wicker, “The impact of dataaggregation in wireless sensor networks,” in Proceedings of theIEEE 22nd International Conference on Distributed ComputingSystems, vol. 2002, pp. 575–578.

[9] Y. Yu, B. Krishnamachari, and V. K. Prasanna, “Energy-latencytradeoffs for data gathering in wireless sensor networks,” inProceedings 23rd Annual Joint Conference of the IEEE Computerand Communications Societies (INFOCOM ’04), pp. 244–255,Hong Kong, China, March 2004.

[10] S. Madden, M. J. Franklin, J. M. Hellerstein et al., “TAG: a tinyaggregation service for ad-hoc sensor networks,” ACM SIGOPSOperating Systems Review, vol. 36, no. I, pp. 131–146, 2002.

[11] W. He, X. Liu, H. Nguyen, K. Nahrstedt, and T. Abdelzaher,“PDA: Privacy-preserving data aggregation in wireless sensornetworks,” in Proceedings of the 26th IEEE International Confer-ence on Computer Communications (INFOCOM ’07), pp. 2045–2053, IEEE Press, Anchorage, Alaska, USA, May 2007.

[12] Y. Yang, X. Wang, S. Zhu, and G. Cao, “SDAP: a secure hop-by-hop data aggregation protocol for sensor networks,” ACMTransactions on Information and System Security, vol. 11, no. 4,article 18, 2008.

[13] W. He, H. Nguyen, X. Liu, K. Nahrstedt, and T. Abdelzaher,“iPDA: an integrity-protecting private data aggregation schemeforwireless sensor networks,” inProceedings of the IEEEMilitary


Communications Conference (MILCOM ’08), pp. 1–7, San Diego,Calif, USA, November 2008.

[14] H. Li, K. Lin, and K. Li, “Energy-efficient and high-accuracysecure data aggregation in wireless sensor networks,” ComputerCommunications, vol. 34, no. 4, pp. 591–597, 2011.

[15] J. Girao, D. Westhoff, and M. Schneider, “CDA: concealed dataaggregation for reverse multicast traffic in wireless sensor net-works,” in Proceedings of the IEEE International Conference onCommunications (ICC ’05), pp. 3044–3049, Seoul, Korea, May2005.

[16] S. Ozdemir and Y. Xiao, “Integrity protecting hierarchical con-cealed data aggregation forwireless sensor networks,”ComputerNetworks, vol. 55, no. 8, pp. 1735–1746, 2011.

[17] C. Castelluccia, E. Mykletun, and G. Tsudik, “Efficient aggrega-tion of encrypted data in wireless sensor networks,” in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous Systems—Networking and Services (MobiQuitous’05), pp. 109–117, July 2005.

[18] M. M. Groat, W. Hey, and S. Forrest, “KIPDA: K-indistinguish-able privacy-preserving data aggregation in wireless sensor net-works,” in Proceedings of the 30th IEEE International Conferenceon Computer Communications (INFOCOM ’11), pp. 2024–2032,Shanghai, China, April 2011.

[19] L. Eschenauer and V. D. Gligor, “A key-management schemefor distributed sensor networks,” in Proceedings of the 9th ACMConference on Computer and Communications Security, pp. 41–47, ACM, November 2002.

[20] A. Coman, M. A. Nascimento, and J. Sander, “A frameworkfor spatio-temporal query processing over wireless sensornetworks,” in Proceedings of the 30th International Conferenceon Very Large Data Bases (VLDB ’04), pp. 104–110, Toronto,Canada, August 2004.

[21] M. Samuel, “Intel lab data [OL],” 2004, http://db.csail.mit.edu/labdata/labdata.html.

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttp://www.hindawi.com Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation http://www.hindawi.com

Journal ofEngineeringVolume 2014

Submit your manuscripts athttp://www.hindawi.com

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

The Scientific World JournalHindawi Publishing Corporation http://www.hindawi.com Volume 2014

SensorsJournal of


Modelling & Simulation in EngineeringHindawi Publishing Corporation http://www.hindawi.com Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks


Documents

Hindawi Publishing Corporation - Research Article …downloads.hindawi.com/journals/ijdsn/2013/843485.pdfSMART scheme. In iPDA, data privacy is achieved through data slicing and assembling