72 5. SECURE AGGREGATION OF DATA IN A SENSOR CLOUD
tion scheme for efficient data encryption and an ECC-based aggregate digital signature scheme
that is able to aggregate and verify digital signatures. is scheme protects both the confiden-
tiality and integrity of data and is resilient against the false data injection attacks. Our second
solution is based on symmetric key approaches and also provides both data confidentiality and
data integrity. is solution is also resilient to data injection attacks and, by virtue of being a
symmetric key solution, is more energy-efficient than the first solution.
5.3 SECURE HIERARCHICAL DATA AGGREGATION
ALGORITHM
e secure hierarchical data aggregation algorithm employs homomorphic encryption and ag-
gregate digital signatures for providing end-to-end confidentiality and data integrity. e en-
cryption algorithm used is Elliptic Curve Elgamal (ECEG), which is the Elgamal encryption
algorithm adapted to work on elliptic curves. e digital signature algorithm is a version of the
Elliptic Curve Digital Signature Algorithm (ECDSA) modified to allow for signature aggre-
gation. We also designed a secure tree construction algorithm shown in Algorithm 5.1 which
favors strong bidirectional links and organizes the nodes in a tree hierarchy. e tree construc-
tion algorithm adapts to node disconnection and consists of a reconfiguration procedure shown
in Algorithm 5.2 that can be used by disconnected nodes to connect back to the network. is
procedure helps in increasing the connectivity of the network under a node capture or denial of
service attack.
After the nodes are deployed, they start the tree construction protocol and organize them-
selves in a tree hierarchy rooted at the base station. Once the tree construction is over, the nodes
start sensing data. Each node then generates a reading x. e reading is signed using the ag-
gregate signature algorithm and SIG(x) is generated. e reading is then encrypted using the
homomorphic encryption algorithm and the ciphertext ENC(x) is produced. e leaf nodes
of the tree send the encrypted data, signature and the public key corresponding to the private
key used for signature generation to their parent. After an intermediate node has received data
from all its children, it performs a summation of the encrypted readings (SUM-ENC), which is
possible because of homomorphic encryption. It also performs the summation of the signature
(SUM-SIG) using the aggregate signature algorithm and all the public keys (SUM-PK). SUM-
ENC, SUM-SIG, and SUM-PK are then sent to the node’s parent. is process is repeated at
every node until the data reaches the base station. In the remainder of this section, we discuss
the signature and encryption algorithms in more detail
5.3.1 MODIFIED ECDSA SIGNATURE ALGORITHM
e signature algorithm assumes the sensors are preloaded with the appropriate elliptic curve
parameters, the base station’s public key and a network wide random integer. e random integer
is used to compute a new integer k for each round at the sensors. Every sensor therefore generates