Research Of Secure Data Aggregation In Wireless Sensor Network

Wireless Sensor Network(WSN) is composed of a large number of low-power sensor nodes with limited computation ability. Generally, WSN can be used to monitor the surrounding(e.g. pollution, oxygen level, PM 2.5 indexes) around sensor nodes. However, sensor nodes have limited power and data transmission is a very energy-consuming operation for wireless sensor devices. To decrease the redundancy of data transmission, minimize the communication bandwidth, conserve the energy of sensor nodes and prolong the life of wireless network, data will be aggregated at aggregation nodes by applying a suitable aggregation function. Moreover, sensor nodes are always deployed in the severe network environment and vulnerable to various security threats particularly. On the other hand, more and more applications need to achieve the privacy of individual sensor node and the correctness of final aggregate statistics. Motivated by the above knowledge, we first introduce existing data aggregation schemes in detail, then present the security analysis of them and propose a verifiable and privacy-aware data aggregation(VPDA) scheme at last which ensures that the aggregation node only obtains the aggregation statistics.The VPDA scheme consists of three phases. In the first phase, sensor nodes utilize the homomorphic property of encryption scheme, encrypt the private data respectively twice to attatin the ciphertext pieces and generate digital signatures for ciphertext pieces. In the process of encryption and digital signature, sensor nodes can securely outsouce the expensive computational overload of scalar multiplications. Then sensor nodes transmit the ciphertext pieces and their digital signatures to middle aggregators. In the second phase, middle aggregators verify aggregate signatures of multiple sensor nodes, utilize the homomorphic property to attatin the aggregate ciphertext piece via aggregating ciphertext pieces and generate digital signatures for aggregate ciphertext pieces. Then middle aggregators transmit the aggregate ciphertext pieces and their ditigal signatures to the aggregator. In the third phase, the aggregator verifies aggregate signatures which is similar to middle aggregators, aggregates aggregate ciphertext pieces to attatin the aggregate ciphertext and decrypts the aggregate ciphertext to attain the aggregate statistics. The VPDA scheme we proposed can provide the following security properties:(1) Data privacy: The VPDA scheme can protect data privacy of individual sensor node from any adversary. In other words, except sensor node itself, no one else, including the aggregator, middle aggregators, other sensor nodes and other kinds of attackers can acquire plaintext of individual sensor node's data intentionally or unintentionally.(2) Data integrity protections: nodes in network need to verify that the message has not been altered in an unauthorized way during transmission to ensure the correctness of the aggregation statistices.(3) Data origin authentication: nodes in network need relevant mechanisms which can enable a message receiver to verify that a message has indeed come from the claimed source, which can avoid injection of malicious adversary in a masquerading manner.(4) Replay-attack resistance: The adversary can perform replay attack easily because messages in network are transmitted via open and unsecure wireless channels. The VPDA scheme adopts the timestamp which can resist the replay attack and ensure freshness of messages and correctness of aggregation statistics.(5) Due to the mobility of sensor nodes in WSN, it is a remarkable fact that how to deal with frequent leaves and joins of sensor nodes in network effectively. The VPDA scheme assigns new private keys for new sensor nodes efficiently to help them to encrypt raw data when they join in the network at the very start. Meantime, the VPDA scheme provides the revocation mechanisms of private keys when sensor nodes leave network, which can avoid security threats against the rest of sensor nodes in network.(6) From the performance evaluation resluts, the VPDA has better security properties under conditions of more computation cost, communication cost and power consumption.