76 5. SECURE AGGREGATION OF DATA IN A SENSOR CLOUD
and so the parent node will be able to aggregate the shares to aggregate the data. However,
because each node is sending all the shares to its parent, it is straightforward for a curious ag-
gregator to regenerate the data and thus subvert the confidentiality. To prevent this, each node
scrambles the shares by subtracting modulo prime, a scrambling key shared between each node
and the base station from the shares. is scrambling procedure is very lightweight and preserves
the homomorphic property of RSS. Homomorphic encryption could be used for this purpose
but scrambling is preferred since it consumes negligible energy compared to encryption while
still being secure. Finally, to preserve the integrity of the data, the intuition is to have some
additional information, along with the shares to help the base station in the detection of any
changes in the data. An integrity key is used for this purpose. Each node has its own integrity
key which it shares with the base station. is integrity key is embedded in the RSS shares, as
RSS allows us to store extra pieces of information in the shares.
5.4.1 THE PIP ALGORITHM
e basic PIP algorithm consists of two sub-algorithms, one for generating the shares from the
data and the keys and the other for regenerating data and checking its integrity. e algorithm
assumes that the sensor nodes are randomly deployed in a field and they organize themselves
into a tree hierarchy using the tree construction algorithm shown in Algorithm 5.1. e base
station preloads each sensor with a pseudo-random function (PRF) f .:/, a network wide nonce
n, three distinct random seeds r
1
, r
2
, r
3
, a network-wide random seed r
4
, and the network-wide
prime number p. Before every round, a sensor node uses the PRF f .:/ on the nonce n, using
the random seeds r
1
, r
2
, r
3
, r
4
as keys, to generate the perturbation key , a scrambling key ‰
and an integrity key I D fI
0
; I
00
g, as shown in Algorithm 5.4.
ese keys will be used in this round as explained below and will also be used as ran-
dom seeds for the key generation in the next round. Keep in mind that all the operations are
performed mod p. In the basic PIP algorithm, a sensor S
k
uses the perturbation key
k
, and
the sensor reading ı
k
to generate perturbed data ı
k
. Recursive secret sharing is then used and
a linear combination of the integrity key I
0
k
C I
00
k
ı
k
and data, ı
k
are encoded to create the
shares !
2
k
.3/; !
2
k
.4/; and !
2
k
.5/. If these shares are sent to the aggregator, then a malicious ag-
gregator would be able to easily replace the data in the shares with corrupt data, keeping the
integrity key intact. We use the scrambling key
‰
k
to scramble the shares and prevent this from
happening. e scrambled shares
1
k
;
2
k
; and
3
k
are generated, as shown in the Algorithm 5.4.
Each leaf node sends the scrambled shares
1
k
;
2
k
; and
3
k
to its parent, which aggregates the
shares received from all of its children. e aggregate shares
1
agg
;
2
agg
; and
3
agg
are calculated
as
1
agg
D
P
1
;
2
agg
D
P
2
;
3
agg
D
P
3
, where the summation is over all children. e base
station then uses the sum of the scrambling keys
P
‰ to unscramble the aggregate shares to
obtain !
2
agg
.3/; !
2
agg
.4/, and !
2
agg
.5/. ese shares are then used to decode received perturbed
data
!
1
agg
.0/
and the linear combination of integrity keys and the perturbed data
!
2
agg
.0/
. If the
equation !
2
agg
.0/ !
1
agg
.0/I
00
k
D
P
n
kD1
I
0
k
holds, the base station can be sure that the data has
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.