Secure Data Aggregation Based on End-to-End Homomorphic Encryption in IoT-Based Wireless Sensor Networks
Abstract
:1. Introduction
- i.
- A novel HE technique enabling end-to-end data secrecy/confidentiality is proposed. The proposed EEHE could be used by aggregators to apply arithmetic aggregation functions on cipher texts.
- ii.
- MAC is used to ensure data integrity. Within the proposed methodology, monitoring nodes generate MACs to the collected data so that certain participants in the group may instantly derive and check the MACs to ensure data integrity. As a result, there is no need to provide the non-encrypted data for confirmation.
- iii.
- To identify wormhole attacks as soon as feasible during the data forwarding and aggregating operations, a paradigm focused upon neighbouring tables is proposed, comprising a monitoring, forwarding, and an aggregator’s adjacent node.
2. Related Work
3. Background, Network Architecture and Objectives
3.1. Network Architecture
3.2. Terminology Used
3.3. Attack Model
3.4. MNF Group Formation
E-E Homomorphic Encryption
4. End-to-End Homomorphic Encryption-Based Data Aggregation Protocol for Wireless Sensor Networks
- MNF Group Formation and Key Distribution. First of all, an MNF group consisting of three nodes (monitoring node, neighbouring node and forwarding node) is formed. The base station distributes a Gk to the MNF group and its public key to each node at the time of deployment of the sensor networks.
- Common Neighbour Table (CNT) Formation. Information about common neighbours between the sender node, i.e., MN node and neighbour nodes is recorded in a table with the help of a CNT algorithm. This table will be helpful in detecting wormhole nodes.
- Wormhole Detection. A wormhole node is detected with the help of common neighbour information between a sender and the neighbour node. There is a separate algorithm for wormhole detection, which will be explained in later sections.
- Report Attack and Generate subMAC. An attack detection report is sent to the base station whenever a wormhole attack is detected. Now, the decision of isolation and removal is taken by the base station, which will be discussed in later sections. In order to verify the integrity of the message, a subMAC is generated by the monitoring node. This message subMAC (MNi) is sent to the DAc. Now, the end-to-end homomorphic value and subMAC EEH (DAc), subMAC (DAc), subMAC (MN) of the message are sent to the Forwarding Node (FN).
- Homomorphic Encryption. Sender calculates the homomorphic value Mi = Mijmod n and sends it to the Neighbouring Node (NN). The Monitoring Node also receives this value and calculates a subMAC (MNi). This subMAC is then sent to the current DAc.
- Verification of Data Integrity. DAc verifies the integrity of the data by recalculating the subMAC and sends the end-to-end homomorphic value and subMAC [node EEH(DAc), subMAC(DAc)] to a forwarding node (FN).
- Aggregation of Encrypted Data. Now, the current DA computes the aggregated value i .EEHE(p,q)(mi) mod n and sends this value to the base station.
- Decryption of Aggregated Data at Base Station. The Base Station decrypts the encrypted data with the help of its secret key Ks.
Algorithm 1: Proposed Algorithm. |
Input: - Readings of sensor nodes |
Output: - Secure aggregated data transmission |
Step 1: - MNF group consisting of three nodes (Monitoring node, Neighbouring Node and Forwarding node) is formed. Key distribution is also performed by Base Station. |
Step 2: - Common neighbour table of a MNF group is created by calling the CNT algorithm with request message Mreq and reply message Mrep. |
Step 3: - Check selected node is secure or not for transmission. Call Algorithm Wormhole Detection. |
Step 4: - If wormhole is detected, an error is reported to the Base Station; else, go to step 5. - SubMAC is generated by the monitoring node for data integrity check. |
Step 5: - EEHE is performed by the sender node with the help of the public key of Base Station to ensure confidentiality of data. |
Step 6: - Data integrity is verified by the neighbouring node by recalculation of MAC. |
Step 7: - Aggregation of encrypted data is performed by DA node. |
Step 8: - Base station decrypts the aggregated and encrypted data with the help of its secret key. |
4.1. Message Authentication Code (MAC)
Common Neighbour Table
4.2. Data Aggregation and Integrity Detection
Algorithm 2: Wormhole Detection (WD) Algorithm. |
Input: - MN, NN, CNT. |
Output: - Secure Data Aggregation. |
Step 1: - MN broadcasts Mreq to NN. |
Step 2: - NN receives Mreq and sends Mrep to MN. |
Step 3: - If there is a wormhole node W, then it sends Mrep with fake node ID and fake location. |
Step 4: - There will be two cases: |
Step 5: - In case 1, if W does not have the neighbours’ ID, MN will confirm CNT in between MN and W nodes. |
Step 6: - If there are no common nodes, it means W is a wormhole node. |
Step 7: - In case 2, if W has the neighbours’ ID, MN will confirm the CNT in between nodes MN and W. |
Step 8: - Common nodes between MN and node W confirm CNT. |
Step 9: - If any node has encountered the ID of a suspicious W in its table, then node W is declared as the trusted one. |
Step 10: - Else, transmission is stopped. |
5. Security Analysis and Experimental Results
5.1. Data Confidentiality
5.2. Data Integrity
5.3. Wormhole Attack Detection and False Positives
- 1.
- Neighbour discovery: Each node keeps track of its 1 or 2 hop neighbours.
- 2.
- Computing: Every node initially evaluates their clustering coefficient.
- 3.
- Isolation: When a node is labeled a wormhole, the voting procedure is implemented. A generalization of the scheme is: if X is l-hop away from node a, a declares X as a wormhole if [3]
5.4. Identification and Removal of All Wormhole Nodes in the Network
5.5. Performance Evaluation of Proposed Algorithm
- Sensitivity. The outcome of the algorithm can be positive (predicting that the node is a wormhole) or negative (predicting that the node is not a wormhole). Mathematically, sensitivity [20,21] can be expressed as in Equation (2).
- Positive likelihood ratio: as shown in Equation (4).
- Negative likelihood ratio: as shown in Equation (5).
- Positive predictive value: as shown in Equation (6).
- Negative predictive value: as shown in Equation (7).
6. Experimental Results
6.1. Probability of False Positives and Wormhole Detection
6.2. Average Energy Dissipation
6.3. System Lifetime
6.4. Aggregation Accuracy
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Singh, S.; Verma, H.K. Security for Wireless Sensor Network. Int. J. Comput. Sci. Eng. 2011, 3, 2393–2396. [Google Scholar] [CrossRef]
- Fasolo, E.; Rossi, M.; Widmer, J.; Zorzi, M. In-Network Aggregation Techniques for Wireless Sensor Networks: A Survey. IEEE Wirel. Commun. 2007, 14, 70–87. [Google Scholar] [CrossRef]
- Znaidi, W.; Minier, M.; Babau, J.P. Detecting wormhole attacks in wireless networks using local neighborhood information. In Proceedings of the IEEE Personal, Indoor and Mobile Radio Communications (PIMRC), Cannes, France, 15–18 September 2008; pp. 1–5. [Google Scholar]
- Othman, S.B.; Bahatta, A.A.; Trad, A.; Habib, Y. Confidentiality and Integrity for Data Aggregation in WSN Using Homomorphic Encryption. Wirel. Pers. Commun. 2015, 80, 867–889. [Google Scholar] [CrossRef]
- Jaydip, S. Homomorphic Encryption: Theory & Application. In Theory and Practice of Cryptography and Network Security Protocols and Technologies; Sen, J., Ed.; Intech Publishers: Rijeka, Croatia, 2010; pp. 1–21. [Google Scholar]
- Sun, H.; Lin, Y.; Hsiao, Y.; Chen, C. An efficient and verifiable concealed data aggregation scheme in wireless sensor networks. In Proceedings of the ICESS08, Chengdu, China, 29–31 July 2008; pp. 19–26. [Google Scholar]
- Westhoff, D.; Girao, J.; Acharya, M. Concealed data aggregation for reverse multicast traffic in sensor networks: Encryption key distribution and routing adaptation. IEEE Trans. Mob. Comput. 2006, 5, 1417–1431. [Google Scholar] [CrossRef]
- Perrig, A.; Szewczyk, R.; Tygar, D.; Wen, V.; Culler, D. SPINS: Security protocols for sensor networks. Wirel. Netw. J. 2002, 2, 521–534. [Google Scholar] [CrossRef]
- Jangra, A. Wireless Sensor Network (WSN) architectural design issues and challenges (IJCSE). Int. J. Comput. Sci. Eng. 2010, 2, 3089–3094. [Google Scholar]
- Ozdemir, S.; Xiao, Y. Secure data aggregation in wireless sensor networks: A comprehensive overview. Comput. Netw. 2009, 53, 2022–2037. [Google Scholar] [CrossRef]
- Ozdemir, S.; Çam, H. Integration of False data detection with data aggregation and confidential transmission in WSN. IEEE/ACM Trans. Netw. 2010, 18, 736–749. [Google Scholar] [CrossRef]
- Ozdemir, S.; Yang, X. Integrity protecting hierarchical concealed data aggregation for wireless sensor networks. Comput. Netw. 2011, 55, 1735–1746. [Google Scholar] [CrossRef]
- Li, H.; Lin, K.; Li, K. Energy-efficient and high-accuracy secure data aggregation in wireless sensor networks. Comput. Commun. 2011, 34, 591–597. [Google Scholar] [CrossRef]
- Zhou, Q.; Yang, G.; He, L. A secure-enhanced data aggregation based on ECC in wireless sensor networks. Sensors 2014, 14, 6701–6721. [Google Scholar] [CrossRef] [Green Version]
- Li, X.; Chen, D.; Li, C.; Wang, L. Secure Data Aggregation with Fully Homo-morphic Encryption in Large-Scale Wireless Sensor Networks. Sensors 2015, 15, 15952–15973. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Tan, H.; Ostry, D.; Zic, J.; Jha, S. A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks. In Proceedings of the Second ACM Conference on Wireless Network Security, Zurich, Switzerland, 16–19 March 2009; pp. 245–252. [Google Scholar]
- Jacques, M.B.; Guyeux, C.; Makhoul, A. Efficient and robust secure aggregation of encrypted data in sensor networks. In Proceedings of the Fourth International Conference on Sensor Technologies and Applications, Venice, Italy, 18–25 July 2010; pp. 472–477. [Google Scholar]
- Wang, A.; Yang, D.; Sun, D. A clustering algorithm based on energy information and cluster heads expectation for wireless sensor networks. Comput. Electr. Eng. 2012, 38, 662–671. [Google Scholar] [CrossRef]
- Goluch, S. The Development of Homomorphic Cryptography. Ph.D. Thesis, Institute of Discrete Mathematics and Geometry, Vienna University of Technology, Vienna, Austria, 1999. [Google Scholar]
- Gardner, I.A.; Greiner, M. Receiver-operating characteristic curves and likelihood ratios: Improvements over traditional methods for the evaluation and application of veterinary clinical pathology tests. Vet. Clin. Pathol. 2006, 35, 8–17. [Google Scholar] [CrossRef] [PubMed]
- Saini, V.; Gupta, J.; Garg, K.D. WSN Protocols, Research challenges in WSN, Integrated areas of sensor networks, security attacks in WSN. Eur. J. Mol. Clin. Med. 2020, 7, 5145–5153. [Google Scholar]
- Kumar, M.; Gupta, O.; Rani, S. Firewall in Underwater Wireless Sensor Networks. In Energy-Efficient Underwater Wireless Communications and Networking; IGI Global: Hershey, PA, USA, 2021; pp. 120–130. [Google Scholar]
- Sharma, A.; Das, P.; Patel, R.B. A Comprehensive Review on Clustering in WSN: Optimization Techniques and Future Research Challenges. In Proceedings of the 2021 6th International Conference on Signal Processing, Computing and Control (ISPCC), Solan, India, 7–9 October 2021; pp. 346–351. [Google Scholar]
- Goyal, N.; Nain, M. Node Localization techniques analysis in challenging underwater wireless sensor network. In Proceedings of the 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), Noida, India, 3–4 September 2021; pp. 1–5. [Google Scholar]
- Dogra, R.; Rani, S.; Verma, S.; Garg, S.; Hassan, M.M. TORM: Tunicate swarm algorithm-based optimized routing mechanism in IoT-based framework. Mob. Netw. Appl. 2021, 26, 2365–2373. [Google Scholar] [CrossRef]
- Rani, S.; Balasaraswathi, M.; Reddy, P.C.S.; Brar, G.S.; Sivaram, M.; Dhasarathan, V. A hybrid approach for the optimization of quality of service metrics of WSN. Wirel. Netw. 2020, 26, 621–638. [Google Scholar] [CrossRef]
- Choudhary, M.; Goyal, N. Dynamic topology control algorithm for node deployment in mobile underwater wireless sensor networks. Concurr. Comput. Pract. Exp. 2022, 34, e6942. [Google Scholar] [CrossRef]
- Guleria, K.; Atham, S.B.; Kumar, A. Data Fusion in Underwater Wireless Sensor Net-works and Open Research Challenges. In Energy-Efficient Underwater Wireless Communications and Networking; IGI Global: Hershey, PA, USA, 2021; pp. 67–84. [Google Scholar]
- Srivastava, D.; Kumar, A.; Mishra, A.; Arya, V.; Almomani, A.; Hsu, C.H.; Santaniello, D. Performance Optimization of Multi-Hop Routing Protocols with Clustering-Based Hybrid Network-ing Architecture in Mobile Adhoc Cloud Networks. Int. J. Cloud Appl. Comput. (IJCAC) 2022, 12, 1–15. [Google Scholar]
- Dowlatshahi, M.B.; Rafsanjani, M.K.; Gupta, B.B. An energy aware grouping memetic algorithm to schedule the sensing activity in WSNs-based IoT for smart cities. Appl. Soft Comput. 2021, 108, 107473. [Google Scholar] [CrossRef]
- Xu, Z.; He, D.; Vijayakumar, P.; Gupta, B.; Shen, J. Certificateless public auditing scheme with data privacy and dynamics in group user model of cloud-assisted medical wsns. IEEE J. Biomed. Health Inform. 2021, 27, 2334–2344. [Google Scholar] [CrossRef] [PubMed]
Protocol | Data Confidentiality | Data Integrity | Source Authentication | Node Availability | Prevention of Attacks | E-E Security/ H-H Security | Aggregation Function | Techniques Used |
---|---|---|---|---|---|---|---|---|
Hung et al. [16], 2008 | Yes | Yes | No | No | Snooping, identification of malicious nodes | E-E | SUM | Homomorphic Encryption, Digital Signature |
SEEDA et al. [10], 2009 | Yes | No | No | No | Eavesdropping | Both | SUM AVERAGE | Homomorphic Encryption |
Jacques et al. [17], 2010 | Yes | No | No | No | Man in the middle attack, recognized simple text threat, and targeted plain text invasion | E-E | SUM | Homomorphic encryption, elliptic curve cryptography |
IPHCDA [12], 2011 | Yes | Yes | No | No | Snooping, replay attacks, recognized plain text attacks, encrypted analytics, illegal aggregation | E-E | SUM | Homomorphic encryption, MAC |
Suat Ozdemir, and Hasan Çam [11], 2010 | Yes | Yes | Yes | No | Sybil, replaying, fake information discovery, snooping | E-E | SUM | MAC, Group Key Management |
EEHA [13], 2011 | Yes | Yes | No | No | Eavesdropping, replaying attack | E-E | SUM | MAC |
SEDA-ECC [14], 2014 | Yes | No | No | No | Node Compromised | E-E | SUM | FHE, MAC |
FESA [15], 2015 | Yes | Yes | Yes | False data injection | E-E | SUM | ECC and Divide and Conquer | |
S. B. Othman et al. [4] | Yes | Yes | No | No | False data injection | E-E | SUM | Homomorphic encryption based on symmetric key cryptography, MAC |
Dest (2) | AM (2) | Len (1) | Data (0–29) | PNum (1) | MAC (6) |
Parameters | Proposed Algorithm | Znaidi et al. [3] | Othman et al. [4] |
---|---|---|---|
Sensitivity | 66.67% | 50.00% | 63.69% |
Specificity | 90.91% | 85.71% | 89.77% |
Positive Likelihood Ratio | 7.33 | 3.50 | 4.31 |
Negative Likelihood Ratio | 0.37 | 0.58 | 0.40 |
Attack prevalence | 21.43% | 22.22% | 20.18% |
Positive Predictive Value | 66.67% | 50.00% | 58.69% |
Negative Predictive Value | 90.91% | 85.71% | 88.77% |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kumar, M.; Sethi, M.; Rani, S.; Sah, D.K.; AlQahtani, S.A.; Al-Rakhami, M.S. Secure Data Aggregation Based on End-to-End Homomorphic Encryption in IoT-Based Wireless Sensor Networks. Sensors 2023, 23, 6181. https://doi.org/10.3390/s23136181
Kumar M, Sethi M, Rani S, Sah DK, AlQahtani SA, Al-Rakhami MS. Secure Data Aggregation Based on End-to-End Homomorphic Encryption in IoT-Based Wireless Sensor Networks. Sensors. 2023; 23(13):6181. https://doi.org/10.3390/s23136181
Chicago/Turabian StyleKumar, Mukesh, Monika Sethi, Shalli Rani, Dipak Kumar Sah, Salman A. AlQahtani, and Mabrook S. Al-Rakhami. 2023. "Secure Data Aggregation Based on End-to-End Homomorphic Encryption in IoT-Based Wireless Sensor Networks" Sensors 23, no. 13: 6181. https://doi.org/10.3390/s23136181
APA StyleKumar, M., Sethi, M., Rani, S., Sah, D. K., AlQahtani, S. A., & Al-Rakhami, M. S. (2023). Secure Data Aggregation Based on End-to-End Homomorphic Encryption in IoT-Based Wireless Sensor Networks. Sensors, 23(13), 6181. https://doi.org/10.3390/s23136181