Wireless sensor networks (WSNs) are increasingly used in many applications, such as volcano and fire monitoring, urban sensing, and perimeter surveillance. In a large WSN, in-network data aggregation (i.e., combining partial results at intermediate nodes during message routing) significantly reduces the amount of communication overhead and energy consumption. The research community proposed a loss-resilient aggregation framework called synopsis diffusion, which uses duplicate in sensitive algorithms on top of multipath routing schemes to accurately compute aggregates (e.g., predicate count or sum).
However, this aggregation framework does not address the problem of false subaggregate values contributed by compromised nodes. This attack may cause large errors in the aggregate computed at the base station, which is the root node in the aggregation hierarchy. In this paper, we make the synopsis diffusion approach secure against the above attack launched by compromised nodes.
We present an algorithm to enable the base station to securely compute predicate count or sum even in the presence of such an attack. Our attack-resilient computation algorithm computes the true aggregate by filtering out the contributions of compromised nodes in the aggregation hierarchy. Secure Data Aggregation in Wireless Sensor Networks Filtering out the Attacker’s Impact
Existing communication losses resulting from node and transmission failures, which are common in WSNs, can adversely affect tree-based aggregation approaches. To address this problem, we can make use of multi-path routing techniques for forwarding sub-aggregates. For duplicate insensitive aggregates such as Min and Max, this approach provides a fault-tolerant solution. Unfortunately, for duplicate sensitive aggregates, such as Count and Sum, multi-path routing leads to double-counting of sensor readings. Recently, several researchers have presented clever algorithms to solve this double-counting problem. A robust and scalable aggregation framework called synopsis diffusion has been proposed for computing duplicate-sensitive aggregates. This approach uses a ring topology where a node may have multiple parents in the aggregation hierarchy. Furthermore, each sensed value or sub-aggregate is represented by a duplicate-insensitive bitmap called synopsis.
The possibility of node compromise introduces more challenges because most of the existing in-network aggregation algorithms have no provisions for security. A compromised node might attempt to thwart the aggregation process by launching several attacks, such as eavesdropping, jamming, message dropping, message fabrication, and so on. This paper focuses on a subclass of these attacks in which the adversary aims to cause the BS to derive an incorrect aggregate. By relaying a false sub-aggregate to the parent node, a compromised node may contribute a large amount of error to the aggregate. As an example, during the Sum computation algorithm a compromised node X can inject an arbitrary amount of error in the final estimate of Sum by falsifying X’s own sub-aggregate.
We design an algorithm to securely compute aggregates, such as Count and Sum despite the falsified subaggregate attack. In particular, our algorithm which we call the attack-resilient computation algorithm consists of two phases.
(i) In the first phase, the BS derives a preliminary estimate of the aggregate based on minimal authentication information received from the nodes.
(ii) In the second phase, the BS demands more authentication information from only a subset of nodes while this subset is determined by the estimate of the first phase. At the end of the second phase, the BS can (locally) filter out the false contributions of the compromised nodes from the aggregate.