Encryption and Signature Scheme implementation for Data Integrity using Recoverable Concealed Data Aggregation

Author

  • P. Gunasekaran
Abstract

Wireless sensor networks (WSNs) have been widely deployed in many applications, e.g., military field surveillance, health care, environment monitoring, accident reporting, etc. Each sensor detects a target within its radio range, performs simple computations, and communicates with other sensors. Generally, sensors are constrained in battery power, communication, and computation capability; therefore, reducing power consumption is a critical concern for a WSN. Unfortunately, an adversary has the ability to capture cluster heads, which causes the compromise of the whole cluster; existing countermeasures either restrict the data type of aggregation or cause extra transmission overhead. Besides, an adversary can still obtain the sensing data of its cluster members after capturing a cluster head. A well-known approach named Concealed Data Aggregation (CDA) combines end-to-end encryption with in-network processing in WSNs. Since CDA applies privacy homomorphism encryption with additive homomorphism, cluster heads are capable of executing addition operations on encrypted numeric data. Several data aggregation schemes based on privacy homomorphism encryption have been proposed. These schemes provide better security compared with traditional aggregation. However, the base station only retrieves the aggregated result, not individual data, which causes two problems: the usage of aggregation functions is constrained, and the base station cannot confirm data integrity and authenticity.

Index Terms: Wireless sensor networks, aggregation, data integrity, privacy homomorphism, concealed data.

I. INTRODUCTION

A Wireless Sensor Network typically consists of a sink node, sometimes referred to as a Base Station, and a number of small wireless sensor nodes. The base station is assumed to be secure with unlimited energy, while the sensor nodes are assumed to be unsecured with limited available energy. The sensor nodes monitor a geographical area and collect sensory information.
Sensory information is communicated to the Base Station through wireless hop-by-hop transmissions. To conserve energy, this information is aggregated at intermediate sensor nodes by applying a suitable aggregation function on the received data. Aggregation reduces the amount of network traffic, which helps to reduce energy consumption on sensor nodes. It however complicates the already existing security challenges for wireless sensor networks and requires new security techniques tailored specifically for this scenario. Providing security to aggregate data in Wireless Sensor Networks is known as Secure Data Aggregation in WSN.

II. RELATED WORKS

A number of schemes have been proposed based on the commit-and-attest principle. In these schemes, the base station broadcasts aggregation results to all sensors. Then, every sensor verifies that its sensing data were indeed counted. Another work can actually count and sum even if a few compromised sensors inject false values. Yu introduces a random sampling technique that enables aggregation queries not only to detect malicious sensors, but also to tolerate them. On the other hand, several studies attempt to provide confidentiality. That is, an aggregator can directly execute addition operations on encrypted numeric data. CDA places more emphasis on passive attacks. More specifically, it considers whether adversaries can eavesdrop on the communications on the air. After CDA, subsequent research has been proposed to achieve higher security levels. It considers the following scenario. If sensors within the same cluster encrypt their sensing data with a common secret key, an adversary may decrypt or fake the aggregated ciphertext by compromising only one sensor. A new PH-based aggregation scheme overcomes this security problem by generating a temporal key for each transmission.

I.2418 Encryption and Signature Scheme implementation for Data Integrity using Recoverable Concealed Data Aggregation ISSN 2277-1956/V1N4-2417-2423
Although the influence of compromising a sensor is actually reduced, two practical issues must be considered. First, rekeying operations for each sensor cause this scheme to be impractical. Second, a synchronization mechanism should be provided. Later, Mykletun proposed a data aggregation scheme based on additively homomorphic public-key encryption. It seems more secure since every sensor stores only the public key; the adversary cannot launch the same attack by compromising only one sensor. Nevertheless, the adversary can still impersonate other legal sensors and send forged ciphertext to the cluster head using the same public key.

III. PRELIMINARIES

In this section, we first describe the network model and define the attack model. Then, Mykletun et al.'s and Boneh et al.'s schemes are reviewed since they are the foundation of the proposed schemes.

A. Network Model

A WSN is controlled by a base station (BS). A BS has large bandwidth, strong computing capability, sufficient memory, and stable power to support the cryptographic and routing requirements of the whole WSN. Besides the BS, sensors (SNs) are deployed to sense and gather results for the BS. Typical SNs are small and low cost; hence, SNs are limited in computation, storage, and communication capability. Generally, all SNs in a WSN may be divided into several clusters. A cluster-based WSN has several advantages such as efficient energy management and better scalability of MAC or routing. Each cluster has a cluster head (CH) responsible for collecting and aggregating sensing data from SNs within the same cluster. A CH then sends the aggregation results to the BS. In a homogeneous WSN, cluster heads are normal SNs. On the other hand, in a heterogeneous WSN, which incorporates different types of SNs with different capabilities, cluster heads are powerful high-end sensors (H-Sensors).

B. Attack Model

The attack model is defined based on the ability of adversaries.
Here, we consider the following three cases:

1. Without compromising any SN or CH. An adversary can only eavesdrop on packets in the air, so he can modify or inject forged messages using only this public information.
2. Compromising SNs. After compromising an SN, an adversary can obtain secrets such as encryption/decryption keys. Then, an adversary can obtain sensing data and packets passed through the captured SN, or impersonate this compromised sensor to forge malicious data.
3. Compromising CHs. After compromising a CH, an adversary can obtain its secrets and perform the following attacks. First, an adversary can decrypt the ciphertext of sensing data sent by its cluster members. Second, an adversary can generate forged aggregation results.

C. Mykletun et al.'s Encryption Scheme

Mykletun et al. proposed a concealed data aggregation scheme based on the elliptic curve ElGamal (EC-EG) cryptosystem. It consists of four procedures: key generation (KeyGen), encryption (Enc), aggregation (Agg), and decryption (Dec). In Fig. 1, the symbols + and × denote addition and scalar multiplication on elliptic curve points, respectively.

D. Boneh et al.'s Signature Scheme

Boneh proposed an aggregate signature scheme which merges a set of distinct signatures into one aggregated signature. This scheme consists of five procedures: key generation (KeyGen), signing (Sign), verifying (Verify), aggregation (Agg), and verifying the aggregated signature (Agg-Verify). Boneh et al.'s scheme is based on a bilinear map e_n, defined as e_n : G1 × G2 → GT, where the groups G1, G2, and GT are cyclic groups of prime order n.

IJECSE, Volume 1, Number 4 P. Gunasekaran and B. Sivakumar I.2419 ISSN 2277-1956/V1N4-2417-2423

IV. A RCDA SCHEME FOR HOMOGENEOUS WSN (RCDA-HOMO)

A. Construction of RCDA-HOMO

RCDA-HOMO is composed of four procedures: Setup, Encrypt-Sign, Aggregate, and Verify. The Setup procedure is to prepare and install the necessary secrets for the BS and each sensor.
When a sensor decides to send sensing data to its CH, it performs Encrypt-Sign and sends the result to the CH. Once the CH receives all results from its members, it activates Aggregate to aggregate what it received, and then sends the final results (aggregated ciphertext and signature) to the BS. The last procedure is Verify. The BS first extracts individual sensing data by decrypting the aggregated ciphertext. Afterward, the BS verifies the authenticity and integrity of the decrypted data based on the corresponding aggregated signature.

Fig 1: An example of Homogeneous WSN

To present RCDA-HOMO in a simple way, we choose Cluster 1 (see Fig. 2) as an example. SN_ℓ is selected as CH of Cluster 1, which contains the remaining sensors {SN_1, ..., SN_{ℓ-1}}. The detailed procedures are listed as follows:

Setup: BS generates the following key pairs:

1. (P_SNi, R_SNi): For each sensor SN_i, the BS generates (P_SNi, R_SNi) by the KeyGen procedure (see Boneh et al.'s scheme in Fig. 1), where P_SNi = v_i and R_SNi = x_i.
2. (P_BS, R_BS): These keys are generated by the KeyGen procedure (see Mykletun et al.'s scheme in Fig. 1), where P_BS = {Y, E, p, G, n} and R_BS = x.

After that, R_SNi, P_BS, and H are loaded to SN_i for all i. Finally, the BS keeps all public keys P_SNi and its own R_BS private.

Encrypt-Sign: This procedure is triggered when a sensor decides to send its sensing data to the cluster head (CH1 in Fig. 2).

Verify: On receiving (ĉ, σ̂) from CH1, the BS can recover and verify each sensing datum. Similarly, the BS may receive other ciphertext and signature pairs from other clusters. The BS can recover all sensing data within the whole WSN. After confirming the integrity of all data, the BS can perform any operations it wants since all individual data are recovered.
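The following is an added example, not code from the paper and not the TinyECC or TinyPBC code the authors used: the MYK half of RCDA-HOMO, i.e. EC-ElGamal with additive homomorphism, run through encryption at the sensors, aggregation at the CH, and decryption at the BS in pure Python. The page states that the BS extracts individual readings from the aggregated ciphertext but does not say how; the example assumes one common way of obtaining that Recovery property, giving each sensor its own bit field so that the homomorphic sum concatenates the readings (a constructed 4-bit slot width). The curve secp256k1 is used only because its parameters are well known; the function names, the sample readings and the `injected` parameter are assumptions of this example. The optional injected ciphertext illustrates the first case of the attack model: anyone holding the public key P_BS can produce a ciphertext that the CH will aggregate and the BS will decrypt without complaint, which is exactly why Encrypt-Sign attaches a Boneh et al. signature. The BON signature part needs a pairing library and is not reproduced here.

```python
"""EC-ElGamal additive aggregation (MYK part of RCDA-HOMO) with per-sensor
bit fields so the BS recovers every reading. Added example; curve, slot width,
readings and names are this example's own assumptions."""
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); generator G of order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] * G[1] - G[0] ** 3 - 7) % P == 0  # sanity check: G lies on the curve
INF = None  # point at infinity, the group identity


def ec_add(p1, p2):
    """Affine point addition on secp256k1 (curve coefficient a = 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # p2 == -p1
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # point doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def ec_mul(k, pt):
    """Scalar multiplication by double-and-add."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def keygen():
    """BS key pair: R_BS = x (private) and Y = xG (the public part of P_BS)."""
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)


def encrypt(Y, m):
    """EC-ElGamal: (rG, mG + rY). Adding two ciphertexts adds their messages."""
    r = secrets.randbelow(N - 1) + 1
    return (ec_mul(r, G), ec_add(ec_mul(m, G), ec_mul(r, Y)))


def aggregate(ciphertexts):
    """Cluster-head step: componentwise point addition, no key involved."""
    c1, c2 = INF, INF
    for a, b in ciphertexts:
        c1, c2 = ec_add(c1, a), ec_add(c2, b)
    return (c1, c2)


def decrypt(x, ct, bound):
    """Recover m from (c1, c2): M = c2 - x*c1 = mG, then solve the small
    discrete log by scanning 0..bound (only feasible for small plaintexts)."""
    c1, c2 = ct
    M = ec_add(c2, ec_neg(ec_mul(x, c1)))
    acc = INF
    for m in range(bound + 1):
        if acc == M:
            return m
        acc = ec_add(acc, G)
    raise ValueError("plaintext outside the expected range")


SLOT_BITS = 4  # constructed: each sensor reading occupies its own 4-bit field


def encode(sensor_index, reading):
    """Place reading i in field i, so the homomorphic sum concatenates readings."""
    if not 0 <= reading < 1 << SLOT_BITS:
        raise ValueError("reading does not fit its slot")
    return reading << (SLOT_BITS * sensor_index)


def decode(total, count):
    mask = (1 << SLOT_BITS) - 1
    return [(total >> (SLOT_BITS * i)) & mask for i in range(count)]


def recover_readings(readings, injected=None):
    """One round: sensors encrypt, the CH aggregates, the BS decrypts and recovers
    each reading. `injected=(slot, value)` adds one extra ciphertext built from
    the public key alone, showing that decryption cannot attest integrity."""
    x, Y = keygen()
    cts = [encrypt(Y, encode(i, r)) for i, r in enumerate(readings)]
    if injected is not None:
        cts.append(encrypt(Y, encode(*injected)))  # needs only P_BS, no sensor key
    bound = (1 << (SLOT_BITS * len(readings))) - 1
    return decode(decrypt(x, aggregate(cts), bound), len(readings))


if __name__ == "__main__":
    print(recover_readings([3, 9, 14]))          # [3, 9, 14]
    print(recover_readings([3, 9, 14], (1, 1)))  # [3, 10, 14]
```

The scan in `decrypt` is the usual small-plaintext trick for additively homomorphic ElGamal; with three 4-bit fields the plaintext is at most 4095, so the BS does at most 4096 point additions. The second call shows the gap that the paper's signature closes: the injected ciphertext changes sensor 1's recovered value, and nothing in the MYK procedures alone can tell the BS that it happened.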
V. A RCDA FOR HETEROGENEOUS WSN (RCDA-HETE)

Here, we consider another environment, the heterogeneous WSN. A concealed data aggregation scheme for heterogeneous WSNs has been proposed; however, that scheme does not provide data integrity and recovery. We first propose the native RCDA-HETE scheme. Later, we propose another scheme named RCDA-HETE for the case where H-Sensors are designed to be tamper-resistant.

A. Native RCDA-HETE Scheme

Actually, RCDA-HOMO can be applied to heterogeneous WSNs without modification. We call this approach native RCDA-HETE. Since H-Sensors have stronger computation ability and a stable power supply, they can perform more complex tasks than L-Sensors. Thus, H-Sensors can act as cluster heads. Obviously, native RCDA-HETE also achieves the Recovery property.

B. RCDA-HETE Scheme

Here, we attempt to fully exploit H-Sensors, which have stronger computing capability. Operations on L-Sensors can be switched to H-Sensors. In addition, H-Sensors can be designed to be tamper-resistant, so we may allow H-Sensors to store partial secret information if required. With these considerations, we redesign an RCDA scheme named RCDA-HETE. The use of tamper-resistant devices may raise the hardware cost; however, in a heterogeneous WSN the majority of sensors are low-end sensors. In our design, computation cost on L-Sensors is switched to H-Sensors, so L-Sensors can be very cheap and simple. In fact, the overall hardware cost is reduced. RCDA-HETE is composed of five procedures: Setup, Intracluster Encrypt, Intercluster Encrypt, Aggregate, and Verify. In the Setup procedure, the necessary secrets are loaded to each H-Sensor and L-Sensor. The Intracluster Encrypt procedure is invoked when L-Sensors want to send their sensing data to the H-Sensor. In the Intercluster Encrypt procedure, each H-Sensor aggregates the received data and then encrypts and signs the aggregated result.

Fig 2: An Example of Heterogeneous WSN

In addition, if an H-Sensor receives ciphertexts and signatures from other H-Sensors on its routing path, it activates the Aggregate procedure. Finally, the Verify procedure ensures the authenticity and integrity of each aggregated result. To explain RCDA-HETE clearly, a heterogeneous WSN is given in Fig. 2.

VI. IMPLEMENTATION AND EVALUATION

In this section, the implementation of the proposed schemes is given first. Then, the evaluation results for the proposed schemes are given.

A. Implementation

The proposed schemes were all implemented on physical sensors. For homogeneous WSNs, MICAz is selected as our platform. For heterogeneous WSNs, MICAz acts as the L-Sensor, and SCAN-ZB32 produced by ITRI is selected as the H-Sensor. Software libraries and programs implement functions from Mykletun et al.'s scheme (called MYK for short) and Boneh et al.'s scheme (called BON for short). Functions in MYK all involve elliptic curve cryptography; hence, we utilize the TinyECC (v1.0) library to implement MYK. Since BON requires a bilinear map construction, we adopt TinyPBC to meet this requirement.

TABLE 1 Performance and Cost Evaluation of the Proposed Schemes

                           RCDA-HOMO   Native RCDA-HETE   RCDA-HETE
Processing Delay (ms)      3702.09     3702.09            2.970
Processing Energy (μJ)     12079.9     12079.9            49.69
Aggregation Delay (ms)     73.71       3.371              3.371
Aggregation Energy (μJ)    204.52      57.81              57.81
Payload Size (bit)         476         476                256
Comm. Cost (μJ)            338.4       338.4              153.6

B. Performance and Cost Evaluation

TABLE 2 Comparison Results of Selected Literatures

Processing Delays (ms)   Aggregation Delay (ms)   Payload Size (bit)   Comm. Cost (μJ)

Publication date: 2012