skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


Title: Secure Data Aggregation in Wireless Sensor Networks: Enumeration Attack and Countermeasure
Data aggregation is a key primitive in wireless sensor networks and refers to the process in which the sensed data are processed and aggregated en-route by intermediate sensor nodes. Since sensor nodes are commonly resource constrained, they may be compromised by attackers and instructed to launch various attacks. Despite the rich literature on secure data aggregation, most of the prior work focuses on detecting intermediate nodes from modifying partial aggregation results with two security challenges remaining. First, a compromised sensor node can report arbitrary reading of its own, which is fundamentally difficult to detect but widely considered to have limited impact on the final aggregation result. Second, a compromised sensor node can repeatedly attack the aggregation process to prevent the base station from receiving correct aggregation results, leading to a special form of Denial-of-Service attack. VMAT [1] (published in ICDCS 2011) is a representative secure data aggregation scheme with the capability of pinpointing and revoking compromised sensor nodes, which relies on a secure MIN aggregation scheme and converts other additive aggregation functions such as SUM and COUNT to MIN aggregations. In this paper, we introduce a novel enumeration attack against VMAT to highlight the security vulnerability of a sensor node reporting an arbitrary reading of its own. The enumeration attack allows a single compromised sensor node to significantly inflate the final aggregation result without being detected. As a countermeasure, we also introduce an effective defense against the enumeration attack. Theoretical analysis and simulation studies confirm the severe impact of the enumeration attack and the effectiveness of the countermeasure.  more » « less
Award ID(s):
1718078 1651954 1700039
PAR ID:
10110841
Author(s) / Creator(s):
;
Date Published:
Journal Name:
ICC 2019 - 2019 IEEE International Conference on Communications (ICC)
Page Range / eLocation ID:
1 to 7
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The Internet of Things (IoT) has significantly advanced the application of Wireless Sensor Networks (WSNs) in Structural Health Monitoring (SHM), particularly for civil engineering infrastructure. While unmanned aerial vehicles (UAVs) are commonly employed for data collection, this paper proposes a novel approach using Bluetooth Low Energy (BLE) for synchronization and data gathering in SHM systems. Unlike traditional methods that may suffer from compromised network security and increased energy demands, the BLE-based system ensures that individual sensor nodes operate autonomously, providing inherent security benefits and improved battery longevity. Each sensor node acts independently, minimizing the risk to the overall network if a single node is compromised. We present a synchronization scheme that leverages BLE's low-power consumption to enhance the SHM of bridges, supported by a prototype developed using a PASCO bridge kit with wireless load cells and accelerometers. The proposed BLE protocol, to the best of the authors' knowledge, represents an unexplored avenue in SHM, promising increased safety and efficiency in sensor networks. 
    more » « less
  2. null (Ed.)
    Blockchain technology has recently gained high popularity in data security, primarily to mitigate against data breach and manipulation. Since its inception in 2008, it has been applied in different areas mainly to maintain data integrity and consistency. Blockchain has been tailored to secure data due to its data immutability and distributive technology. Despite the high success rate in data security, the inability to identify compromised insider nodes is one of the significant problems encountered in blockchain architectures. A Blockchain network is made up of nodes that initiate, verify and validate transactions. If compromised, these nodes can manipulate submitted transactions, inject fake transactions, or retrieve unauthorized information that might eventually compromise the stored data's integrity and consistency. This paper proposes a novel method of detecting these compromised blockchain nodes using a server-side authentication process and thwart their activities before getting updated in the blockchain ledger. In evaluating the proposed system, we perform four common insider attacks, which fall under the following three categories: (1)Those attacks targeting the Blockchain to bring it down. (2) the attacks that attempt to inject fake data into the database. (3) The attacks that attempt to hijack or retrieve unauthorized data. We described how we implement the attacks and how our architecture detects them before they impact the network. Finally, we displayed the attack detection time for each attack and compared our approach with other existing methods. 
    more » « less
  3. Canteaut, A.; Standaert, F. (Ed.)
    We present passive attacks against CKKS, the homomorphic encryption scheme for arithmetic on approximate numbers presented at Asiacrypt 2017. The attack is both theoretically efficient (running in expected polynomial time) and very practical, leading to complete key recovery with high probability and very modest running times. We implemented and tested the attack against major open source homomorphic encryption libraries, including HEAAN, SEAL, HElib and PALISADE, and when computing several functions that often arise in applications of the CKKS scheme to machine learning on encrypted data, like mean and variance computations, and approximation of logistic and exponential functions using their Maclaurin series. The attack shows that the traditional formulation of IND-CPA security (or indistinguishability against chosen plaintext attacks) achieved by CKKS does not adequately capture security against passive adversaries when applied to approximate encryption schemes, and that a different, stronger definition is required to evaluate the security of such schemes. We provide a solid theoretical basis for the security evaluation of homomorphic encryption on approximate numbers (against passive attacks) by proposing new definitions, that naturally extend the traditional notion of IND-CPA security to the approximate computation setting. We propose both indistinguishability-based and simulation-based variants, as well as restricted versions of the definitions that limit the order and number of adversarial queries (as may be enforced by some applications). We prove implications and separations among different definitional variants, and discuss possible modifications to CKKS that may serve as a countermeasure to our attacks. 
    more » « less
  4. Secure aggregation, which is a core component of federated learning, aggregates locally trained models from distributed users at a central server. The “secure” nature of such aggregation consists of the fact that no information about the local users’ data must be leaked to the server except the aggregated local models. In order to guarantee security, some keys may be shared among the users (this is referred to as the key sharing phase). After the key sharing phase, each user masks its trained model which is then sent to the server (this is referred to as the model aggregation phase). This paper follows the information theoretic secure aggregation problem originally formulated by Zhao and Sun, with the objective to characterize the minimum communication cost from the K users in the model aggregation phase. Due to user dropouts, which are common in real systems, the server may not receive all messages from the users. A secure aggregation scheme should tolerate the dropouts of at most K – U users, where U is a system parameter. The optimal communication cost is characterized by Zhao and Sun, but with the assumption that the keys stored by the users could be any random variables with arbitrary dependency. On the motivation that uncoded groupwise keys are more convenient to be shared and could be used in large range of applications besides federated learning, in this paper we add one constraint into the above problem, namely, that the key variables are mutually independent and each key is shared by a group of S users, where S is another system parameter. To the best of our knowledge, all existing secure aggregation schemes (with information theoretic security or computational security) assign coded keys to the users. We show that if S > K–U, a new secure aggregation scheme with uncoded groupwise keys can achieve the same optimal communication cost as the best scheme with coded keys; if S ≤ K – U, uncoded groupwise key sharing is strictly sub-optimal. Finally, we also implement our proposed secure aggregation scheme into Amazon EC2, which are then compared with the existing secure aggregation schemes with offline key sharing. 
    more » « less
  5. Side-channel analysis is a non-invasive form of attack that reveals the secret key of the cryptographic circuit by analyzing the leaked physical information. The traditional brute-force and cryptanalysis attacks target the weakness in the encryption algorithm, whereas side-channel attacks use statistical models such as differential analysis and correlation analysis on the leaked information gained from the cryptographic device during the run-time. As a non-invasive and passive attack, the side-channel attack brings a lot of difficulties for detection and defense. In this work, we propose a key update scheme as a countermeasure for power and electromagnetic analysis-based attacks on the cryptographic device. The proposed countermeasure utilizes a secure coprocessor to provide secure key generation and storage in a trusted environment. The experimental results show that the proposed key update scheme can mitigate side-channel attacks significantly. 
    more » « less