Distributed Data Aggregation in Wireless Sensor Network
with Peer Verification
Sumanta Chatterjee, Alwyn R. Pais and Sumit Saurabh
Dept. of Computer Science and Engineering, National Institute of Technology, Karnataka, Surathkal, India
Keywords:
Wireless Sensor Network, Secure Aggregation, Homomorphic Permutation, Commitment Protocol.
Abstract:
Data aggregation in wireless sensor networks is implemented to reduce communication overhead and bandwidth utilization. Data confidentiality requires the sensor node to transmit the data in a secure manner so that the adversary is unable to read the data or transmit false data even if it compromises some of the sensor nodes or the aggregation node. In this paper a distributed aggregation protocol using homomorphic trapdoor permutation is proposed. This protocol distributes the responsibility of key generation, aggregation and verification to different nodes to reduce the overall power consumption of the sensor network. A peer verification scheme is also proposed as a part of the protocol. Peer verification ensures the authentication of the data and sender node in the network by at least k peer nodes. Security of the proposed protocol is analyzed against passive and active adversary models.
1 INTRODUCTION
The term "Internet of Things" was coined by International Telecommunication Unit (ITU) and European Research Cluster on the Internet of Things (IERC). A stack of four layers was proposed for the Internet of Things architecture: Sensing Layer, Aggregation Layer, Network Layer and Application Layer.

One of the important functions of the sensing layer is aggregation of data. Data aggregation often involves compaction of data from multiple sensors at intermediate nodes and transmission of the aggregated data to the base station to eliminate redundancy. It is essential to develop energy-efficient data aggregation algorithms. Aggregation while providing end-to-end security is a challenging task. Data aggregation requires some security considerations. It must ensure that the information content is never revealed to an unauthorized person or malicious adversary, that the content is non-malleable, that unauthorized alteration of the content is easily identifiable, and that there is no replay attack due to stale data (Ozdemir and Xiao, 2009). During aggregation, the network should be able to identify an external attacker and balance energy consumption to increase availability of the network. It must enable the aggregator to check that the message is authenticated and also that the sender of the message is authorized and authenticated. Since wireless sensor networks use a shared wireless medium, sensor nodes require authentication mechanisms to detect maliciously injected or spoofed packets. Our contributions in this paper are as follows:

- We propose a distributed aggregation protocol to distribute the responsibility of key generation, aggregation and verification among different nodes to reduce the overall power consumption of the sensor network.
- The peer verification scheme using a commitment protocol is proposed to ensure the authentication of the data and sender node in the network by at least k nodes.
- To our knowledge, our paper is the first to propose the use of fully homomorphic trapdoor permutation to ensure that an active adversary is not able to read the aggregated data from a compromised aggregator.

The rest of the paper is organized as follows. In Section 2 we review some of the proposed methods for secure data aggregation in Wireless Sensor Networks (WSN). Section 2 also defines some preliminary concepts that are used in the proposed model. In Section 3 a new model for distributed data aggregation is discussed. Section 4 contains the conclusion and future scope of study.
Chatterjee, S., Pais, A. and Saurabh, S.
Distributed Data Aggregation in Wireless Sensor Network - with Peer Verification.
DOI: 10.5220/0005991604400445
In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, pages 440-445
ISBN: 978-989-758-196-0
Copyright © 2016 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
2 LITERATURE REVIEW
Data aggregation is widely studied in wireless sensor networks (WSN). As sensors are very energy-constrained devices, data aggregation is effective in conserving battery power and bandwidth utilization over the overall lifetime of the sensor network (Krishnamachari et al., 2002). A compromised sensor node can disclose data and allow the adversary to inject false data into the sensor network. Several protocols have been proposed for secure data aggregation in WSN. Proposed solutions are either a one-aggregator model, where all data is aggregated by a single node, or a multiple-aggregator model, where several aggregators exchange data among themselves. One of the very first solutions for secure data aggregation in WSN was proposed by Hu and Evans (Hu and Evans, 2003). In this protocol a one-way function is used to produce a key chain for each node and each key is used only one time. Each node sends the data with a message authentication code (MAC) to its parent. Data aggregation and authentication (DAA) is proposed by (Ozdemir and Çam, 2010) to enable false data detection in data aggregation with confidentiality. The data aggregator forwarding node is surrounded by T monitoring nodes. Each monitor node pairs with another T neighbour nodes of the data aggregator. Each of them computes a subMAC bit of the T-bit MAC of the data and sends it to the forward aggregator to verify the encrypted data. This protocol introduces additional overhead of key exchange and monitor node establishment. A secure hop-by-hop data aggregation protocol (SDAP) is proposed in (Yang et al., 2008). SDAP uses a probabilistic approach to dynamically partition the topology tree of the sensor network into multiple logical groups (subtrees) of similar sizes. In (Castelluccia et al., 2009) a pseudo-random function and one-way hashing are used to perform homomorphic encryption on the data using a secret key for each sensor node. Data can be easily aggregated in the base station, but this model does not authenticate the data sender and does not support integrity of the data or false data detection. A variation of DAA is proposed by (Li et al., 2015) that uses fully homomorphic encryption to encrypt the data. Privacy homomorphism over elliptic curve cryptography along with a message authentication code is proposed by (Ozdemir and Xiao, 2011) to preserve data confidentiality and integrity in hierarchical data aggregation. The idea of an end-to-end concealed data aggregation using privacy homomorphism is explored in (Westhoff et al., 2006). Verification of the sensor node using witness aggregation is explained in (Du et al., 2003). The witness nodes of each data aggregator compute MACs of the aggregated data and also perform data aggregation. The base station verifies the correctness of the data by aggregating and verifying the MACs computed by the witness nodes. Secure data aggregation in a clustered network and a technique of slicing the data and mixing is discussed in (He et al., 2007). One drawback of the model is that the intermediate sensor nodes are capable of changing the data while sending it to the aggregator. Hence confidentiality constraints are not satisfied in this model.

Now we establish some preliminary concepts required in our proposed model.
2.1 Preliminary Concepts
Definition 1. Trapdoor Permutation (Schmidt-Samoa, 2006): A trapdoor permutation family is a collection of finite functions $F = \{ f_i \mid f_i : S_f \to D_f \}$ such that for every function $f$:

- There exists a polynomial $\mathrm{KEYGEN}(1^{\lambda})$ function that for a given security parameter $\lambda$ generates a pair $f(\cdot), f^{-1}(\cdot)$ and trapdoor information $|t_f| < p(\lambda)$ such that the mapping $(x, f(x)) \to y$ and $(y, f^{-1}(y)) \to x$ can be computed in polynomial time given the trapdoor information is available.
- There is a probabilistic polynomial time algorithm that given $f(\cdot)$ can output a random element $S_f$ uniformly distributed in $Range(S_f)$.
- The function $f$ is hard to invert without trapdoor information $t_f$. That is, for every polynomial time $A$ there is a negligible function $\kappa(\lambda)$ such that

$$\Pr_{(f, f^{-1}) \xleftarrow{R} \mathrm{KEYGEN},\ x \xleftarrow{R} S_f}\left[A(1^{\lambda}, f, f(x)) = x\right] < \kappa(\lambda) \tag{1}$$

- The domain $Dom\{D_f\}$ and range $Range\{S_f\}$ being $\{0, 1\}^n$.

Hayashi, Okamoto and Tanaka proposed an algorithm to obtain an RSA trapdoor permutation in a common domain (Hayashi et al., 2004).
3 PROPOSED MODEL
In this section we discuss a novel approach for data aggregation in wireless sensor network in the presence of active and passive adversary. The protocol focuses on distributing the functionality of the key distribution, aggregation and verification.
3.1 Sensor Network and Adversary Model
A sensor network consists of three types of nodes. Sensor nodes collect the raw data, an aggregation node collects the data from sensor nodes to aggregate them, and the base station (BS) finally receives the aggregated data from the aggregation node. A sensor network of N nodes can be represented using a graph $G = \langle V, E \rangle$ where each sensor node is a vertex $SN_i \in V$; $1 \le i \le N$, and each radio link between a pair of sensor nodes $(i, j)$ is an edge $e_{ij} \in E$; $1 \le i, j \le N$; $i \ne j$. Sensor nodes are distributed into clusters. Each cluster is modeled using a subgraph containing n nodes with each node connected to at least k + 1 peers. A cluster head and a verifier node are selected based on residual energy. Inclusion of a sensor node into a cluster is governed by the minimization of the parameter $\frac{1}{n}|e_{ih}|$, $\{1 \le i \le n;\ i \ne h\}$. $SN_h$ is the elected cluster head.

An aggregation function is defined as $y(t) = f(m_1(t), m_2(t), \ldots, m_n(t))$ where at time instance t, $y(t)$ is the data aggregated and $m_i(t)$ is the data collected by the i-th input node. In our protocol $f(t) = \prod_{i=1}^{N} m_i(t)$. We also assume that the noise $\delta(t)$ in this cluster follows a Gaussian distribution with mean at zero and for each sensor node $\delta_i \ll m_i$. Hence,

$$\prod_{i=1}^{n} (m_i + \delta_i) = \prod_{i=1}^{n} m_i \left(1 + \frac{\delta_i}{m_i}\right) \approx \prod_{i=1}^{n} m_i \quad \text{as } \left(1 + \frac{\delta}{m}\right) \approx 1$$

Initially it is assumed that a probabilistic polynomial time adversary is capable of eavesdropping on the conversation between different nodes and has access to an encryption oracle. In subsequent discussions we consider a more powerful adversary who has access to aggregation and verification oracles.

This paper uses a homomorphic trapdoor permutation to achieve data aggregation without revealing the data to the aggregator node while providing authentication and end-to-end security.
3.2 Distributed Aggregation Model
One of the drawbacks of the single aggregator model in energy-constrained devices is that it puts additional load on the aggregator to perform the aggregation, key distribution and verification. Also, once an aggregator is identified, an active adversary can compromise the aggregator to give permission to false sensor nodes to inject data into the network without verification. Hence we propose a distributed model in Algorithm 3.1 to reduce the aggregation overhead of the aggregator as well as to eliminate the effect of a single cluster head being compromised by the adversary.

In this algorithm, key distribution, aggregation and verification activities are delegated to different nodes. It is further assumed that the key distribution and verifier nodes have the topology details of the cluster. Initially the controller node and key-generator node establish a secret key using Diffie-Hellman key exchange and the key-generator creates a key-generation parameter. It distributes keys to all sensors and releases a commitment on the key-generation parameter. Sensors encrypt the data and distribute fragments among peers for authentication. After aggregation, the controller releases a commitment on the shared key to be used in verification.
3.2.1 Proof of Security
Theorem 1. The distributed data aggregation model is secure against Indistinguishable Chosen Plain-text Attack.

Proof. To prove that the proposed model is secure against chosen plain-text attack we propose the following security game.

- A probabilistic polynomial time adversary $A$ with access to the encryption algorithm chooses a pair of message vectors $m_0$ and $m_1$ of equal length on which he requires the encrypted aggregation algorithm to be challenged.
- The challenger flips an unbiased coin, chooses with uniform distribution $b \in \{0, 1\}$, encrypts each message in vector $m_b$ and sends $\{\alpha, \beta, \gamma\}$.
- Adversary chooses a random parameter $r_a \in Z_n$ such that $r_a^{-1}$ exists in $Z_n$ and selects $b' \in \{0, 1\}$ uniformly at random.
- If $[\beta H(m_{b'})^{-1}]^{r_a^{-1}} \stackrel{?}{=} p_i$, where $p_i$ is the public key information of the challenger, the adversary returns $b'$.
- Adversary wins the game if he is correctly able to produce $b = b'$ in t such iterations.

Given a distinguisher

$$D(b, b') = \begin{cases} 1 & \text{if } b' = b \\ 0 & \text{otherwise} \end{cases} \tag{2}$$

For a negligible function $\varepsilon(\kappa)$ over security parameter $\kappa$, the advantage of the adversary can be given as

$$Adv(A) = \Pr[D(b, b') = 1] = \Pr\left[[\beta H(m_{b'})^{-1}]^{r_a^{-1}} = p_i\right] = \frac{1}{2} + \Pr[D(A(g^{ID_i}, \alpha = g^{ID_i r_a}), g^{r_a}) = 1] \le \frac{1}{2} + \varepsilon(\kappa)$$

By the DDH argument, given $\alpha$ and $ID_i$ of the challenger, the probability that the adversary can successfully find a random parameter $r_a$ such that $\alpha = g^{ID_i r_a}$ is negligible. Thus the probability of choosing the correct $b'$, $r_a$ such that $[\beta H(m_{b'})^{-1}]^{r_a^{-1}} = p_i$ is also negligible.
Theorem 2. Passive adversary can not add any false
data to the encrypted message.
SECRYPT 2016 - International Conference on Security and Cryptography
Algorithm 3.1: Distributed Key Generation-Aggregation-Verification.

Require: $m_1, m_2, \ldots, m_n$ as sensor input and $H(\cdot)$ is a homomorphic trapdoor permutation over public key k, $ID_1, ID_2, \ldots, ID_n$ are the unique ids given to each sensor node, multiplicative group $G = \langle g \rangle$ is in $Z_n$.

Ensure: $M = \prod_{i=1}^{n} m_i$.

Initialization: A controller (aggregator) node, a key generation node and a verifier node are selected.
1. STEP 1: Controller node and Key Generation node establish a shared secret e using a secure key exchange mechanism.
2. STEP 2: Key Generation node chooses a random $r_a \in Z_n$ and generates the key generation parameter $x = e r_a$.
3. STEP 3: Key generation node computes $p_i = g^{ID_i x}$ where $1 \le i \le n$ and shares the key in a one-to-one message.
4. STEP 4: Release the commitment $\phi = g^{r_a}$ as the session key.

Encryption:
5. STEP 1: The j-th sensor node chooses a random $r_j \in Z_n$ and computes $\alpha = \phi^{r_j ID_j}$, $\beta = p_j^{r_j} H(m_j)$ for k.
6. STEP 2: The i-th sensor node splits $H(m_i)$ into k sub-messages, $H(m_i) = \sum_{j=1, j \ne i}^{k} m_i^{(j)}$ for sensor node $1 \le j \le n$.
7. STEP 3: Each sensor node distributes k fragments of the message to k neighbors.
8. STEP 4: After receiving k partial messages from peer sensor nodes, node j computes $m' = \sum_{t=1, t \ne j}^{k} m_t^{(j)} - H(m_j)$.
9. STEP 5: The j-th sensor node computes, for a $z \in G$, $\gamma = z^{m'} p_j$ and sends $\{\alpha, \beta\}$ to the aggregator node and $\gamma$ to the verifier node.

Aggregation:
10. STEP 1: Aggregator computes $\frac{\prod_{i=1}^{n} \beta_i}{\left(\prod_{i=1}^{n} \alpha\right)^{e}} = H\left(\prod_{i=1}^{n} m^{(i)}\right)$.
11. STEP 2: Aggregator releases commitment of the shared secret key e as $\delta = \phi^{e}$ to the verifier node.

Verification:
Verifier verifies the authentication of the message and the authentication of the sender by computing

$$\prod_{i=1}^{n} \gamma \stackrel{?}{=} \left(\delta^{\sum_{j=1}^{n} ID_j}\right) \tag{3}$$

12. If the verification is successful, the aggregator transmits the data to the base station with its ID.
13. The base station inverts the trapdoor permutation using its secret key to get $M = \prod_{i=1}^{n} m_i$.
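Algorithm 3.1 run end to end over a toy RSA modulus, as an added example that is not the authors' code. The ring neighbour layout, the reading of the fragments as additive shares with m' = (sum of received fragments) - H(m_j), the constants GEN and ZBASE, the function names, and every ID and reading are assumptions constructed for illustration.

```python
import secrets
from math import prod

# Toy parameters, constructed for this example and far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1            # primes held by the base station
N = P * Q                              # modulus shared by H(.) and the group <g>
E = 65537                              # public exponent of H
D = pow(E, -1, (P - 1) * (Q - 1))      # trapdoor, base station only
GEN, ZBASE = 7, 3                      # generator g and verification base z (assumed)

def H(m):
    """RSA trapdoor permutation: H(a) * H(b) = H(a * b) mod N."""
    return pow(m, E, N)

def H_inv(c):
    return pow(c, D, N)

def keygen(ids, e):
    """Key generation node: x = e * r_a, p_i = g^(ID_i * x), phi = g^r_a."""
    r_a = secrets.randbelow(N - 2) + 2
    return {i: pow(GEN, i * e * r_a, N) for i in ids}, pow(GEN, r_a, N)

def split(value, k):
    """Split value into k integer fragments that add up to value."""
    parts = [secrets.randbelow(N) for _ in range(k - 1)]
    return parts + [value - sum(parts)]

def sensor_outputs(ids, readings, keys, phi, k):
    """Encryption steps 1-5 for every sensor: returns {ID: (alpha, beta, gamma)}."""
    inbox = {j: [] for j in ids}
    for pos, i in enumerate(ids):          # steps 2-3: fragments go to the next k peers
        for hop, frag in enumerate(split(H(readings[i]), k), start=1):
            inbox[ids[(pos + hop) % len(ids)]].append(frag)
    out = {}
    for j in ids:
        r_j = secrets.randbelow(N - 2) + 2
        alpha = pow(phi, r_j * j, N)
        beta = pow(keys[j], r_j, N) * H(readings[j]) % N
        m_prime = sum(inbox[j]) - H(readings[j])          # step 4 (assumed reading)
        out[j] = (alpha, beta, pow(ZBASE, m_prime, N) * keys[j] % N)
    return out

def aggregate(out, e, phi):
    """Aggregator: prod(beta) / prod(alpha)^e = H(prod m_i); delta = phi^e."""
    a = prod(t[0] for t in out.values()) % N
    b = prod(t[1] for t in out.values()) % N
    return b * pow(a, -e, N) % N, pow(phi, e, N)

def verify(out, delta, authorised_ids):
    """Verifier, equation (3): prod(gamma) == delta^(sum of authorised IDs)."""
    return prod(t[2] for t in out.values()) % N == pow(delta, sum(authorised_ids), N)

def demo():
    ids = [11, 12, 13, 14]                          # constructed sensor IDs
    readings = {11: 21, 12: 23, 13: 19, 14: 22}     # constructed readings
    e = secrets.randbelow(N - 2) + 2                # shared secret from the key exchange
    keys, phi = keygen(ids + [99], e)               # 99: an ID the verifier does not list
    out = sensor_outputs(ids, readings, keys, phi, k=2)
    agg, delta = aggregate(out, e, phi)
    extra = {**out, 99: (pow(phi, 99, N), keys[99] * H(5) % N, keys[99])}
    return {
        "verified": verify(out, delta, ids),
        "recovered": H_inv(agg),                    # base station inverts H
        "unlisted_id_verified": verify(extra, delta, ids),
        # Limitation noted in Section 3.2.2: the check in equation (3)
        # does not take the aggregate as input.
        "altered_aggregate": H_inv(agg * H(5) % N),
    }

if __name__ == "__main__":
    print(demo())
```

The aggregator only ever handles H of the product, the verifier's check passes for the four listed IDs and fails once a tuple from the unlisted ID 99 is included, and the last entry shows why Section 3.3 ties the commitment C to the aggregate.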
Proof. We assume a polynomial time adversary $A$ receives t tuples of $\{\alpha_i, \beta_i, \gamma_i\}$, $1 \le i \le t$, from a prover. Adversary computes $\{\alpha_T, \beta_T, \gamma_T\}$ for a message of his choice $m_T$ that satisfies the following aggregation criteria.

$$\frac{\prod_{i=1}^{n} \beta_i\, \beta_T}{\left(\prod_{i=1}^{n} \alpha\, \alpha_T\right)^{e}} = H\left(\prod_{i=1}^{t} m_i\, m_T\right) = \prod_{i=1}^{t} H(m_i) H(m_T).$$

Now the prover plays the following security game with the honest aggregator with an adversary $A$ as a subroutine.

- Honest Key Generator with shared secret key e and secret key $r_a$ generates public key $p = g^{ID\,x}$ for the prover with identifier ID, sends p to the prover and broadcasts $\phi$.
- Prover chooses a message vector $m = \{m_0, m_1, \ldots, m_t\}$ and sends t-tuples $\{\alpha_i, \beta_i, \gamma_i\}$ such that $1 \le i \le t$ to $A$.
- Adversary chooses a message $m_T$ and sends back $\{\alpha_T, \beta_T, \gamma_T, m_T\}$.
- Prover invokes the Verification function with message vector $M = m\ m_T$ and the t + 1 tuples $\{\alpha_i, \beta_i, \gamma_i\}$ such that $1 \le i \le t$ and $\{\alpha_T, \beta_T, \gamma_T\}$.
- If verification is correct then the Prover asks the adversary for random parameter $r_a \in Z_p$ and $H(m_T)^{-1}$.
- Prover then computes $[\beta_T H(m_T)^{-1}(g^{ID^{-1}})] = g^{x}$

Thus if the adversary is able to add new data of his choice to the encrypted message, a polynomial time prover can use the adversary to break the discrete log problem. Thus by the hardness assumption of the discrete log problem, the adversary can not append data of his choice to the encrypted message.
3.2.2 Security Analysis for Active Adversary
In this security analysis we enhance the capability of the adversary to be able to compromise the controller node or the key distributor node or the verifier node. If the adversary $A$ compromises the aggregator, he can run the key exchange conversation with the key generator to establish a shared secret key. To generate a public key $p_t$ for an unauthorized sensor node t, the adversary needs to compute $p_t = g^{xt}$ where $g^{x} = g^{e r_a}$; $r_a \in Z_n$ is the secret of the key generator node and $\phi = g^{r_a}$ is the session key. Assume the polynomial time Adversary ($A$) receives $e, \phi \in G$ as input and generates a valid key generation parameter $g^{x}$. Given a distinguisher D,

$$\Pr[D(g^{x}, g^{e r_a}) = 1] = \Pr[D(A(G, g, \phi, e), g^{e r_a}) = 1] = \Pr[D(A(G, g, g^{e}, g^{r_a}), g^{e r_a})] \le \varepsilon(\kappa)$$

by the Decision Diffie-Hellman assumption, where $\varepsilon(\kappa)$ is a negligible function defined over security parameter $\kappa$. Thus the probability that a polynomial time adversary can generate an unauthorized key is negligible.

But the adversary can aggregate the data on behalf of the compromised aggregator and can also inject false data in the process as follows.

- Adversary computes $\frac{\prod \beta}{\left(\prod \alpha\right)^{e}} = H\left(\prod_{i=1}^{n} m_i\right)$
- Adversary computes for a random $m_T$; $H\left(\prod_{i=1}^{n} m_i\, m_T\right) = H\left(\prod_{i=1}^{n} m_i\right) H(m_T)$

If the adversary compromises the key generator node, then he can run the key exchange protocol with the aggregator to establish a shared key. Since it will gain access to the secret $r_a$ of the key generator node, it will be able to generate a public key for an unauthorized node in the sensor network. But the advantage of the adversary is nullified, as the unauthorized node will not be able to send the data to the base station because the verifier node possesses all the IDs of the nodes authenticated to send data for aggregation.
3.3 Secure Aggregation against Active Attacker
The model of data aggregation described so far allows an active adversary to add data to the aggregated result. The verification process provides authentication of the sensor nodes and authentication of the message being sent by the sensor, but fails to detect alteration of the data by a compromised aggregator. This verification method also fails to identify the case where a sensor node computes $H(m_i)$ but distributes the components of $H(m')$ among peers, thus violating the non-repudiation criteria. Therefore we propose a modification of Algorithm 3.1 in Algorithm 3.2 to accommodate the need to protect against an active adversary and a malicious sensor node. In this modification, instead of sending the sensor data in pieces, the sensor node computes the complement of the sensor data and splits it into k segments. After aggregation, the aggregator releases the commitment on the shared secret and the complement of the aggregated data.
3.3.1 Security Analysis for Active Adversary
Now we check the probability of an adversary $A$ injecting false aggregated data into the network if he is able to compromise the aggregator node.

Theorem 3. Adversary can not add any false data to the encrypted message.

Proof. We assume a polynomial time adversary $A$ receives a t tuple of $\{\alpha_i, \beta_i, \gamma_i\}$, $1 \le i \le t$, from a prover. $A$ can request the random oracle to get aggregation
Algorithm 3.2: Secure Distributed Aggregation.

Require: $m_1, m_2, \ldots, m_n$ as sensor input and $H(\cdot)$ is a homomorphic trapdoor permutation over public key k, $ID_1, ID_2, \ldots, ID_n$ are the unique identifiers given to each sensor node, $G = \langle g \rangle$ is in $Z_n$

Ensure: $M = \prod_{i=1}^{n} m_i$

Initialization: A controller node, a key generation node and a verifier node are selected.
1. STEP 1: Controller node and Key Generation node establish a shared secret e using a secure key exchange mechanism.
2. STEP 2: Key Generation node chooses a random $r_a \in Z_n$ and generates the key generation parameter $x = e r_a$
3. STEP 3: For each sensor node, the key generation node computes $p_i = g^{ID_i x}$ where $1 \le i \le n$ and shares the key in a one-to-one message.
4. STEP 4: Release the commitment $\phi = g^{r_a}$ as the session key.

Encryption:
5. STEP 1: The j-th sensor node chooses a random $r \in Z_n$ and computes $\alpha = \phi^{r_j ID_j}$, $\beta = p_j^{r_j} H(m_j)$.
6. STEP 2: The i-th sensor node computes the complement of $H(m_i)$ as $[H(m_i)]^{c}$ and splits it into k sub-messages, $[H(m_i)]^{c} = \sum_{j=1}^{k} m_i^{(j)}$ for sensor node $1 \le j \le k$
7. STEP 3: Each sensor node distributes k fragments of the message to k neighbours.
8. STEP 4: After receiving k partial messages from peers, sensor node j computes $m' = \sum_{t=1, t \ne j}^{k} m_t^{(j)}$
9. STEP 5: The j-th sensor node computes, for a $z \in G$, $\gamma = z^{m'} p_j$ and sends $\{\alpha, \beta\}$ to the aggregator node and $\gamma$ to the verifier node.

Aggregation:
10. STEP 1: Aggregator computes $\frac{\prod_{i=1}^{n} \beta_i}{\left(\prod_{i=1}^{n} \alpha\right)^{e}} = H\left(\prod_{i=1}^{n} m_i\right) = M$.
11. STEP 2: Aggregator computes the commitment of the shared secret key e as $\delta = \phi^{e}$ and the aggregated message as $C = z^{[M]^{c}}$ and releases $(\delta, C)$ to the verifier node.

Verification:
Verifier verifies the authentication of the message and the authentication of the sender by computing

$$C \stackrel{?}{=} \frac{\prod_{i=1}^{n} \gamma}{\delta^{\sum_{j=1}^{n} ID_j}} \tag{4}$$

12. If the verification is successful, the aggregator appends its ID and sends C data to the base station.
13. The base station verifies $C \stackrel{?}{=} z^{[M]^{c}}$ and inverts the trapdoor permutation using its secret key to get $M = \prod_{i=1}^{n} m_i$.
$M = H\left(\prod_{i=0}^{t} m_i\right) = \frac{\prod_{i=1}^{n} \beta_i}{\left(\prod_{i=1}^{n} \alpha\right)^{e}}$ and release of the complement of the aggregation as $C = \frac{\prod_{i=1}^{t} \gamma}{\delta^{\sum_{j=1}^{t} ID_j}}$ for the set of data. Adversary computes $\{\alpha_T, \beta_T, \gamma_T\}$ for a message of his choice $m_T$ such that it satisfies the aggregation and verification criteria.

$$\frac{\prod_{i=1}^{n} \beta_i\, \beta_T}{\left(\prod_{i=1}^{n} \alpha\, \alpha_T\right)^{e}} = H\left(\prod_{i=1}^{t} m_i\, m_T\right)$$

$$z^{[M H(m_T)]^{c}} = \frac{\prod_{i=1}^{t} \gamma\, \gamma_T}{\delta^{\sum_{j=1}^{t} ID_j + ID_T}} = C\, \frac{\gamma_T}{\delta^{ID_T}} \tag{5}$$

Now the prover plays the following security game with the honest aggregator with an adversary $A$ as a subroutine.

- Honest key generator with secret key $x = e r_a$ generates public key $p = g^{ID_T x}$ for the prover with identifiable information $ID_T$, and sends p to the prover.
- Prover chooses a message vector $m = \{m_0, m_1, \ldots, m_t\}$ and sends t-tuples $\{\alpha_i, \beta_i, \gamma_i\}$ such that $1 \le i \le t$ to the adversary.
- Adversary chooses a message $m_T$ and sends back $\{\alpha_T, \beta_T, \gamma_T, m_T\}$.
- Prover invokes the Verification function with message vector $M = m\ m_T$ and the t + 1 tuples $\{\alpha_i, \beta_i, \gamma_i\}$ such that $1 \le i \le t$ and $\{\alpha_T, \beta_T, \gamma_T\}$ and $C' = z^{[M H(m_T)]^{c}} = C\, \frac{\gamma_T}{\delta^{ID_T}}$
- If verification is correct then the Prover asks the adversary for random parameter $r_a \in Z_p$ and $H(m_T)^{-1}$ and $m'_T = \sum_{i=1}^{k} m_i^{(T)}$.
- Prover then computes

$$e = \frac{1}{r_a ID_T} \log_g\left(\frac{C' \delta^{ID_T}}{C z^{m'_T}}\right) \tag{6}$$

Thus if adversary $A$ is able to add new data of his choice to the encrypted message, a polynomial time prover can use the adversary to break a discrete log problem. Thus by the hardness assumption of the discrete log problem, the adversary can not append data of his choice to the encrypted message.
4 CONCLUSION
We proposed an algorithm to reduce the overall energy consumption of the sensor nodes by distributing the tasks of aggregation, verification and key generation. Peer verification is essential to eliminate the possibility of the aggregator or key generator being compromised. Future scope of study is to prove the efficiency of the algorithm in the presence of a cheating verifier and aggregator.
REFERENCES
Castelluccia, C., Chan, A. C., Mykletun, E., and Tsudik, G. (2009). Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Transactions on Sensor Networks (TOSN), 5(3):20.

Du, W., Deng, J., Han, Y. S., and Varshney, P. K. (2003). A witness-based approach for data fusion assurance in wireless sensor networks. In Global Telecommunications Conference, 2003. GLOBECOM'03. IEEE, volume 3, pages 1435–1439. IEEE.

Hayashi, R., Okamoto, T., and Tanaka, K. (2004). An RSA family of trap-door permutations with a common domain and its applications. Public Key Cryptography – PKC 2004, pages 291–304.

He, W., Liu, X., Nguyen, H., Nahrstedt, K., and Abdelzaher, T. (2007). PDA: Privacy-preserving data aggregation in wireless sensor networks. In INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, pages 2045–2053. IEEE.

Hu, L. and Evans, D. (2003). Secure aggregation for wireless networks. In Applications and the Internet Workshops, 2003. Proceedings. 2003 Symposium on, pages 384–391. IEEE.

Krishnamachari, B., Estrin, D., and Wicker, S. (2002). The impact of data aggregation in wireless sensor networks. In Distributed Computing Systems Workshops, 2002. Proceedings. 22nd International Conference on, pages 575–578. IEEE.

Li, X., Chen, D., Li, C., and Wang, L. (2015). Secure data aggregation with fully homomorphic encryption in large-scale wireless sensor networks. Sensors, 15(7):15952–15973.

Ozdemir, S. and Çam, H. (2010). Integration of false data detection with data aggregation and confidential transmission in wireless sensor networks. IEEE/ACM Transactions on Networking (TON), 18(3):736–749.

Ozdemir, S. and Xiao, Y. (2009). Secure data aggregation in wireless sensor networks: A comprehensive overview. Computer Networks, 53(12):2022–2037.

Ozdemir, S. and Xiao, Y. (2011). Integrity protecting hierarchical concealed data aggregation for wireless sensor networks. Computer Networks, 55(8):1735–1746.

Schmidt-Samoa, K. (2006). A new Rabin-type trapdoor permutation equivalent to factoring. Electronic Notes in Theoretical Computer Science, 157(3):79–94.

Westhoff, D., Girao, J., and Acharya, M. (2006). Concealed data aggregation for reverse multicast traffic in sensor networks: Encryption, key distribution, and routing adaptation. Mobile Computing, IEEE Transactions on, 5(10):1417–1431.

Yang, Y., Wang, X., Zhu, S., and Cao, G. (2008). SDAP: A secure hop-by-hop data aggregation protocol for sensor networks. ACM Transactions on Information and System Security (TISSEC), 11(4):18.