Upload
marlow
View
51
Download
0
Embed Size (px)
DESCRIPTION
RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless Sensor Networks. Chien -Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, Hung-Ming Sun IEEE Transactions on Parallel and Distributed Systems, Vol.23, No.4, April 2012 Presenter: 林顥桐 Date: 2012/11/19. Outline. - PowerPoint PPT Presentation
Citation preview
1
RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless
Sensor Networks
Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, Hung-Ming Sun
IEEE Transactions on Parallel and Distributed Systems, Vol.23, No.4, April 2012
Presenter: 林顥桐Date: 2012/11/19
2
Outline
• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion
3
Introduction
• The usage of aggregation functions is constrained
• The base station cannot verify the integrity and authenticity of each sensing data
4
Introduction
• RCDA– The base station can verify the integrity and
authenticity of all sensing data– The base station can perform any aggregation
functions on them
5
Encryption Scheme and Signature Scheme
• Encryption Scheme– Mykleton et al.’s Encryption Scheme
• Signature Scheme– Boneh et al.’s Signature Scheme
6
Encryption Scheme and Signature Scheme
• Mykleton et al.’s Encryption Scheme– Proposed a concealed data aggregation scheme
based on the elliptic curve ELGamal(EC-EG) cryptosystem
7
Encryption Scheme and Signature Scheme
• Boneh et al.’s Signature Scheme– Proposed an aggregate signature scheme which
merges a set of distinct signatures into one aggregated signature
– Based on bilinear map
8
Outline
• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion
9
RCDA Scheme for Homogeneous WSN
10
RCDA Scheme for Homogeneous WSN
• Four procedures– Setup
• Base Station(BS) generates the key pairs– Encrypt-Sign
• Trigger while a sensor decides to send its sensing data to the cluster head(CH)
– Aggregate• Launched after the CH has gathered all ciphertext-signature pairs
– Verify• Receive the sum of ciphertext and signature from CH, BS can
recover and verify each sensing data
11
RCDA Scheme for Homogeneous WSN
• Setup– (PSNi , RSNi ): For each sensor SNi, the BS
generates (PSNi,RSNi) by KeyGen procedure(Boneh scheme) where PSNi = vi and RSNi = xi
– (PBS, RBS): These keys are generated by KeyGen procedure(Mykletun scheme) where PBS ={Y, E, p, G, n} and RBS = t
Privacy key , randomly selected from Zp
Public key, where vi = xi*g
Y = t*G, E is an elliptic curve over a finite Fp, p is a prime number, G is a generator on E, n is the order of E, t is a privacy key randomly from Fp
12
RCDA Scheme for Homogeneous WSN
• Setup– RSNi, PBS, H, are loaded to SNi for all i– BS keeps all public keys PSNi and its own RBS in
privacy
13
RCDA Scheme for Homogeneous WSN
• Encrypt-Sign
Boneh’s signature
Mykleton’s Encrypt
14
RCDA Scheme for Homogeneous WSN
• Aggregate
15
RCDA Scheme for Homogeneous WSN
• Verify– 1)
– 2)
– 3)
– 4) ?
16
Outline
• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion
17
RCDA Scheme for Heterogeneous WSN
18
RCDA Scheme for Heterogeneous WSN
• Five procedures– Setup
• Necessary secrets are loaded to each H-Sensor and L-Sensor– Intracluster Encrypt
• Involve when L-Sensor desire to send their sensing data to the corresponding H-Sensor
– Intercluster Encrypt• Each H-Sensor aggregates the received data and then encrypts and signs the
aggregated result– Aggregate
• If an H-Sensor receives ciphertexts and signatures from other H-Sensor on its routing path, it activates the Aggregate procedure
– Verify• Ensure the authenticity and integrity of each aggregated result
19
RCDA Scheme for Heterogeneous WSN
• Setup– (RHi, PHi ): the BS generates this key pair for each
H-Sensor according to KeyGen(Boneh’s scheme), i.e., RHi = xi and PHi = vi
– (RBS, PBS): This key pair is generated by KeyGen(Mykletun’s scheme), i.e., PBS = {Y, E, p, G, n} and RBS = t
Public key, where vi = xi*gPrivacy key , randomly selected from Zp
Y = t*G, E is an elliptic curve over a finite Fp, p is a prime number, G is a generator on E, n is the order of E, t is a privacy key randomly from Fp
20
RCDA Scheme for Heterogeneous WSN
• Setup– The BS loads PBS to all L-Sensors. Each H-Sensor is
loaded its own key pair (PHi, RHi), PBS, and several necessary aggregation functions
– Each L-Sensor is required to share a pairwise key with its cluster head
21
RCDA Scheme for Heterogeneous WSN
• Intracluster Encrypt– Ensure the establishment of a secure channel
between L-Sensors and their H-Sensor
22
RCDA Scheme for Heterogeneous WSN
• Intercluster Encrypt– After collecting all sensing data from all cluster
members, an H-Sensor performs the prefered aggregation function on these data as its result
23
RCDA Scheme for Heterogeneous WSN
• Intercluster Encrypt
Boneh’s signature
Mykleton’s Encrypt
24
RCDA Scheme for Heterogeneous WSN
• Aggregate– If H3 receives (c1, ) from H1 and (c2, ) from
H2, H3 will execute this procedure to aggregate (c1, ), (c2, ) and its own (c3, ) as follows:
– Finally, H3 sends ( ) to H5.Similarly, H5 can also aggregate (c4, ), (c5, ), and ( ) then get a new aggregated result ( ) to the BS
25
RCDA Scheme for Heterogeneous WSN
• Verify– 1)
– 2)
– 3)
– 4) ?
26
Outline
• Introduction• Encryption Scheme and Signature Scheme• RCDA Scheme for Homogeneous WSN• RCDA Scheme for Heterogeneous WSN• Implementation and Comparisons• Conclusion
27
Implementation and Comparisons
• Implementation
28
Implementation and Comparisons
• Comparisons
– RCDA-HOMO has worst performance evaluation, because RCDA-HOMO provides better security
29
Conclusion
• The base station can securely recover all sensing data rather than aggregated results
• Integrate the aggregate signature scheme to ensure data authenticity and integrity in the design