Secure and Privacy-Preserving Data Aggregation Protocols for Wireless Sensor Networks

This chapter discusses the need of security and privacy protection mechanisms in aggregation protocols used in wireless sensor networks (WSN). It presents a comprehensive state of the art discussion on the various privacy protection mechanisms used in WSNs and particularly focuses on the CPDA protocols proposed by He et al. (INFOCOM 2007). It identifies a security vulnerability in the CPDA protocol and proposes a mechanism to plug that vulnerability. To demonstrate the need of security in aggregation process, the chapter further presents various threats in WSN aggregation mechanisms. A large number of existing protocols for secure aggregation in WSN are discussed briefly and a protocol is proposed for secure aggregation which can detect false data injected by malicious nodes in a WSN. The performance of the protocol is also presented. The chapter concludes while highlighting some future directions of research in secure data aggregation in WSNs.Comment: 32 pages, 7 figures, 3 table

PAgIoT - Privacy-preserving aggregation protocol for internet of things

Modern society highly relies on the use of cyberspace to perform a huge variety of activities, such as social networking or e-commerce, and new technologies are continuously emerging. As such, computer systems may store a huge amount of information, which makes data analysis and storage a challenge. Information aggregation and correlation are two basic mechanisms to reduce the problem size, for example by filtering out redundant data or grouping similar one. These processes require high processing capabilities, and thus their application in Internet of Things (IoT) scenarios is not straightforward due to resource constraints. Furthermore, privacy issues may arise when the data at stake is personal. In this paper we propose PAgIoT, a Privacy-preserving Aggregation protocol suitable for IoT settings. It enables multi-attribute aggregation for groups of entities while allowing for privacy-preserving value correlation. Results show that PAgIoT is resistant to security attacks, it outperforms existing proposals that provide with the same security features, and it is feasible in resource-constrained devices and for aggregation of up to 10 attributes in big networks.This work was partially supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and the CAM grant S2013/ICE-3095 CIBERDINE-CM (CIBERDINE: Cybersecurity, Data, and Risks) funded by the Autonomous Community of Madrid and co-funded by European funds

OPQ: OT-based private querying in VANETs

We consider the querying service (e.g., location-based query service) in vehicular ad hoc networks (VANETs). Querying service has been studied in various kinds of networks such as traditional mobile phone networks and other mobile ad hoc networks. However, existing schemes are either not suitable for VANETs due to their highly dynamic environment or do not provide a privacy-preserving solution. In this paper, we first discuss the security concerns of providing a querying service that ensures that a query will not be linkable to the querier. Then, we briefly highlight the characteristics of VANETs, which make the problem different from other types of networks. Finally, we propose a solution for solving the problem by using techniques of pseudoidentity, indistinguishable credentials, and oblivious transfer. We show that, although all infrastructure units collude, it is still impossible to link the real identity of the user to a query. Based on our simulation study, we show that our scheme is effective in terms of processing delay, message overhead, and success rate. © 2011 IEEE.published_or_final_versio

Privacy and security protection in cloud integrated sensor networks

Wireless sensor networks have been widely deployed in many social settings to monitor human activities and urban environment. In these contexts, they acquire and collect sensory data, and collaboratively fuse the data. Due to resource constraint, sensor nodes however cannot perform complex data processing. Hence, cloud-integrated sensor networks have been proposed to leverage the cloud computing capabilities for processing vast amount of heterogeneous sensory data. After being processed, the sensory data can then be accessed and shared among authorized users and applications pervasively. Various security and privacy threats can arise when the people-centric sensory data is collected and transmitted within the sensor network or from the network to the cloud; security and privacy remain a big concern when the data is later accessed and shared among different users and applications after being processed. Extensive research has been conducted to address the security and privacy issues without sacrificing resource efficiency. Unfortunately, the goals of security/privacy protection and resource efficiency may not be easy to accomplish simultaneously, and may even be sharply contrary to each other. Our research aims to reconcile the conflicts between these goals in several important contexts. Specifically, we first investigate the security and privacy protection of sensory data being transmitted within the sensor network or from the sensor network to the cloud, which includes: (1) efficient, generic privacy preserving schemes for sensory data aggregation; (2) a privacy-preserving integrity detection scheme for sensory data aggregation; (3) an efficient and source-privacy preserving scheme for catching packet droppers and modifiers. Secondly, we further study how to address people\u27s security and privacy concerns when accessing sensory data from the cloud. To preserve privacy for sensory data aggregation, we propose a set of generic, efficient and collusion-resilient privacy-preserving data aggregation schemes. On top of these privacy preserving schemes, we also develop a scheme to simultaneously achieve privacy preservation and detection of integrity attack for data aggregation. Our approach outperforms existing solutions in terms of generality, node compromise resilience, and resource efficiency. To remove the negative effects caused by packet droppers and modifiers, we propose an efficient scheme to identify and catch compromised nodes which randomly drop packets and/or modify packets. The scheme employs an innovative packet marking techniques, with which selective packet dropping and modification can be significantly alleviated while the privacy of packet sources can be preserved. To preserve the privacy of people accessing the sensory data in the cloud, we propose a new efficient scheme for resource constrained devices to verify people\u27s access privilege without exposing their identities in the presence of outsider attacks or node compromises; to achieve the fine-grained access control for data sharing, we design privacy-preserving schemes based on users\u27 affiliated attributes, such that the access policies can be flexibly specified and enforced without involving complicated key distribution and management overhead. Extensive analysis, simulations, theoretical proofs and implementations have been conducted to evaluate the effectiveness and efficiency of our proposed schemes. The results show that our proposed schemes resolve several limitations of existing work and achieve better performance in terms of resource efficiency, security strength and privacy preservation

IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead