## SIA: Secure Information Aggregation in Sensor Networks (2003)

### Cached

### Download Links

- [www.ece.cmu.edu]
- [www.cs.sunysb.edu]
- [cs.ucsb.edu]
- [www.ece.cmu.edu]
- [sparrow.ece.cmu.edu]
- [sparrow.ece.cmu.edu]
- [www.cs.sunysb.edu]
- [users.ece.cmu.edu]
- [users.ece.cmu.edu]
- [www.cs.berkeley.edu]
- [sparrow.ece.cmu.edu]
- [www.gta.ufrj.br]
- [wwwcsif.cs.ucdavis.edu]
- [www.cs.trinity.edu]
- [www.cs.virginia.edu]
- DBLP

### Other Repositories/Bibliography

Citations: | 175 - 11 self |

### BibTeX

@INPROCEEDINGS{Przydatek03sia:secure,

author = {Bartosz Przydatek and Dawn Song and Adrian Perrig},

title = {SIA: Secure Information Aggregation in Sensor Networks},

booktitle = {},

year = {2003},

pages = {255--265},

publisher = {ACM Press}

}

### Years of Citing Articles

### OpenURL

### Abstract

Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor networks faces many challenges imposed by real-world demands. Sensor nodes often have limited computation and communication resources and battery power. Moreover, in many applications sensors are deployed in open environments, and hence are vulnerable to physical attacks, potentially compromising the sensor's cryptographic keys. One of the basic and indispensable functionalities of sensor networks is the ability to answer queries over the data acquired by the sensors. The resource constraints and security issues make designing mechanisms for information aggregation in large sensor networks particularly challenging.

### Citations

1230 | The byzantine generals problem
- Lamport, Shostak, et al.
- 1982
(Show Context)
Citation Context ...ations we put on the adversary are its computational resources (polynomial in the security parameter) and the fraction of nodes that it can corrupt. In particular, we assume the Byzantine fault model =-=[20]-=- where a compromised node is under the full control of the attacker. In this setting, we focus on stealthy attacks, where the attacker’s goal is to make the home server accept false aggregation result... |

1086 | TAG: A Tiny Aggregation Service for Ad-Hoc Sensor Networks
- Franklin, Hellerstein, et al.
- 2002
(Show Context)
Citation Context ...egation mechanisms need to be resilient against attacks where the aggregator and a fraction of the sensor nodes may be compromised. Previous work in data aggregation assumes that every node is honest =-=[21, 10, 13, 16]-=-, with the exception of [15] (cf. Sec. 1.1). In this paper, we address the problem of how to enable secure information aggregation, such that the user accepts the data with high probability if the agg... |

892 | Next century challenges: scalable coordination in sensor networks
- Estrin, Govindan, et al.
- 1999
(Show Context)
Citation Context ... and inefficient to return all raw data collected from each sensor—instead, information should be processed and aggregated within the network and only processed and aggregated information is returned =-=[13, 16]-=-. In such a setting, certain nodes in the sensor network, called aggregators, collect the raw information from the sensors, process it locally, and reply to the aggregate queries of a remote user. How... |

732 | SPINS: security protocols for sensor networks”. Wireless Networks Volume
- Perrig, Szewzyk, et al.
- 2000
(Show Context)
Citation Context ...cuss in Section 9. 2.2 Key Setup And Communication Model We assume that each sensor has a unique identifier and shares a separate secret cryptographic key with the home server and with the aggregator =-=[25]-=-. The keys enable message authentication, and encryption if data confidentiality is required. Note that the home server and the aggregator do not need to store O(n) keys [25] — instead each of them st... |

701 | The space complexity of approximating the frequency moments
- Alon, Matias, et al.
- 1996
(Show Context)
Citation Context ...pose two different protocols for estimating the number of distinct elements. Our solutions are based on algorithms for spaceefficient approximation of the number of distinct elements in a data stream =-=[4, 14, 1]-=-, and on a novel technique for random selection of the nodes of the network. In the following subsections we first describe the basic tools used in our constructions, then we present the proposed prot... |

475 | Keying hash functions for message authentication - Bellare, Canetti, et al. |

329 |
New hash functions and their use in authentication and set equality
- Wegman, Carter
- 1981
(Show Context)
Citation Context ...inct elements in a stream by Bar-Yossef et al. [4], using hash functions specified by the home server B. Let H = {h| h : [m] → [M]}, where M = m 3 , be a family of pairwise independent hash functions =-=[26]-=-, such that any function h ∈ H has a short description (O(k) bits). After A commits to the input, B computes an estimate for a lower bound on µ as follows. B picks at random a hash function h from the... |

326 |
A Certified Digital Signature
- Merkle
- 1989
(Show Context)
Citation Context ...nsors, and that the statement to be verified by the home server about the correctness of computed results is meaningful. One efficient way of committing to the data is a Merkle hash-tree construction =-=[22, 23]-=-. In this construction, all the collected data is placed at the leaves of the tree, and the aggregator then computes a binary hash tree starting from the leaf nodes: each internal node in the hash tre... |

285 |
Protocols for public key cryptosystems
- Merkle
- 1980
(Show Context)
Citation Context ...nsors, and that the statement to be verified by the home server about the correctness of computed results is meaningful. One efficient way of committing to the data is a Merkle hash-tree construction =-=[22, 23]-=-. In this construction, all the collected data is placed at the leaves of the tree, and the aggregator then computes a binary hash tree starting from the leaf nodes: each internal node in the hash tre... |

256 | Checking computations in polylogarithmic time
- Babai, Fortnow, et al.
- 1991
(Show Context)
Citation Context ...ch better than sending all the data to the aggregator. If we are willing to accept (a small) non-zero probability of error, then theoretically general methods based on PCP techniques could be applied =-=[2, 19]-=-. However, such methods would be very inefficient in practice. Hence, in order to achieve practical sublinear communication complexity, we need to relax the accuracy requirements and accept approximat... |

256 | Impact of Network Density on Data Aggregation in Wireless Sensor Networks
- Intanagonwiwat, Estrin, et al.
- 2002
(Show Context)
Citation Context ... and inefficient to return all raw data collected from each sensor—instead, information should be processed and aggregated within the network and only processed and aggregated information is returned =-=[13, 16]-=-. In such a setting, certain nodes in the sensor network, called aggregators, collect the raw information from the sensors, process it locally, and reply to the aggregate queries of a remote user. How... |

222 | Computationally Private Information Retrieval with Polylogarithmic Communication
- Cachin, Micali, et al.
- 1999
(Show Context)
Citation Context ...red part. However, in many cases the locations of the desired parts should be hidden from the prover, hence a more expensive simulation is needed, e.g., using a private information retrieval protocol =-=[7, 18]-=-. 2. PROBLEM STATEMENT: SECURE INFORMATION AGGREGATION 2.1 Problem Setting We consider the setting where a large number of sensors are deployed in some area distant from a home server. Sensors perform... |

199 |
Mobile networking for Smart Dust
- Kahn, Katz, et al.
(Show Context)
Citation Context ...However, sensors are usually simple, lowpowered devices which can communicate only within small range of their location, and so they cannot report the measurements directly to the distant home server =-=[17]-=-. Thus, a resources-enhanced base station is often used as an intermediary between the home server and the sensor nodes. We assume that certain nodes in the network would perform the aggregation task.... |

148 | The tesla broadcast authentication protocol
- Perrig, Canetti, et al.
- 2002
(Show Context)
Citation Context ...m to broadcast authentic messages (e.g. queries)into the network, such that each sensor node can verify the authenticity of the message, for example using the TESLA broadcast authentication protocol =-=[24, 25]-=-. 2.3 Attack Model And Security Goals We consider a setting with a polynomially bounded attacker, which can corrupt some of the sensors as well as the aggregator. Actions of a corrupted device are tot... |

145 | A note on efficient zero-knowledge proofs and arguments
- Kilian
- 1992
(Show Context)
Citation Context ...ch better than sending all the data to the aggregator. If we are willing to accept (a small) non-zero probability of error, then theoretically general methods based on PCP techniques could be applied =-=[2, 19]-=-. However, such methods would be very inefficient in practice. Hence, in order to achieve practical sublinear communication complexity, we need to relax the accuracy requirements and accept approximat... |

144 | Counting distinct elements in a data stream
- Bar-Yossef, Jayram, et al.
- 2002
(Show Context)
Citation Context ...pose two different protocols for estimating the number of distinct elements. Our solutions are based on algorithms for spaceefficient approximation of the number of distinct elements in a data stream =-=[4, 14, 1]-=-, and on a novel technique for random selection of the nodes of the network. In the following subsections we first describe the basic tools used in our constructions, then we present the proposed prot... |

143 | Computing aggregates for monitoring wireless sensor networks
- Zhao, Govindan, et al.
- 2003
(Show Context)
Citation Context ...lues with high probability. Zhao et. al. proposed a similar tree-based approach for computing Min/Max value although their approach assumes nodes well behave and does not consider adverserial attacks =-=[27]-=-. 5.1 The FindMin Protocol The protocol works by first constructing a spanning tree in the network of sensors, such that the root of the tree holds the minimum element (procedure MinRootedTree), and t... |

118 | Secure aggregation for wireless networks
- Hu, Evans
- 2003
(Show Context)
Citation Context ...against attacks where the aggregator and a fraction of the sensor nodes may be compromised. Previous work in data aggregation assumes that every node is honest [21, 10, 13, 16], with the exception of =-=[15]-=- (cf. Sec. 1.1). In this paper, we address the problem of how to enable secure information aggregation, such that the user accepts the data with high probability if the aggregated result is within a d... |

80 | Cache-and-query for wide area sensor databases
- Deshpande, Nath, et al.
- 2003
(Show Context)
Citation Context ...egation mechanisms need to be resilient against attacks where the aggregator and a fraction of the sensor nodes may be compromised. Previous work in data aggregation assumes that every node is honest =-=[21, 10, 13, 16]-=-, with the exception of [15] (cf. Sec. 1.1). In this paper, we address the problem of how to enable secure information aggregation, such that the user accepts the data with high probability if the agg... |

67 |
Probabilistic counting
- Flajolet, Martin
- 1983
(Show Context)
Citation Context ...pose two different protocols for estimating the number of distinct elements. Our solutions are based on algorithms for spaceefficient approximation of the number of distinct elements in a data stream =-=[4, 14, 1]-=-, and on a novel technique for random selection of the nodes of the network. In the following subsections we first describe the basic tools used in our constructions, then we present the proposed prot... |

49 | Sampling algorithms: Lower bounds and applications
- Bar-Yossef, Kumar, et al.
- 2001
(Show Context)
Citation Context ...of n/2. Theorem 1 implies, that in order to achieve with probability close to 1 a ε-approximation of the median it is sufficient to choose the size of sample ℓ = O(1/ε 2 ). However, Bar-Yossef et al. =-=[3]-=- show that Ω(1/ε 2 ) samples are also necessary for an ε-approximation of the median. 4.2 Our Approach for Median The naive sampling approach presented in the previous section makes only minimal use o... |

14 |
Forward security in private key cryptography
- Bellare, Yee
- 2003
(Show Context)
Citation Context ...s to compute many one-way functions for deriving the current key of a node or that the verifier needs to store one key per node. Similar techniques have been used to achieve forward secure encryption =-=[6]-=-. 9. DISCUSSION: SECURE HIERARCHICAL AGGREGATION If the sensor network is too large, then one aggregator may not be capable to handle the whole network. In this case, we may need to use a hierarchical... |

13 |
Oded Goldreich. Lower bounds for sampling algorithms for estimating the average
- Canetti, Even
- 1995
(Show Context)
Citation Context ...nstant probability a good estimate for the average depends on the the underlying distribution of the values, and in general is lower-bounded by Ω(1/ε 2 ), where mε is the desired additive error bound =-=[8, 3]-=-. As in the case of the computation of the median, the naïve sampling only minimally uses capabilities of the aggregator. Below we present an alternative method for computing the average, in which the... |

6 |
Rajeev Motwani, and Vivek Narasayya. Towards estimation error guarantees for distinct values
- Charikar, Chaudhuri
- 2000
(Show Context)
Citation Context ...that this method yields a significantly better estimate than the approximation by sampling with a “trivial aggregator” A, which only forwards the measurements collected from the sensors selected by B =-=[9, 3]-=-.6.3.2.2 Low Number of Distinct Elements. When the number of distinct elements is low in comparison to the total size of S the simple sampling won’t work, because the omitted elements not reported in... |

5 | Ronitt Rubinfeld. Fast approximate PCPs - Ergün, Kumar - 1999 |

2 |
preliminary version
- JCSS
- 2000
(Show Context)
Citation Context ...we need two committed sequences, one sorted according to the measured values, and one sorted according to the sensor ids. We check that both sequences are sorted using Sort-Check-II spot checker from =-=[11]-=- with subsequent uniform sampling of pairs of neighboring elements (requiring O(log n/ε) and O(1/ε) samples, respectively; cf. Section 7.1). Finally we use additional O(1/ε) samples to check that both... |