無線感測網路安全多維資料聚合與還原;Secure Multidimensional Data Aggregation and Recovery for Wireless Sensor Networks

NCU Institutional Repository > 資訊電機學院 > 資訊工程學系 > 研究計畫 > Item 987654321/49666

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/49666

题名:	無線感測網路安全多維資料聚合與還原;Secure Multidimensional Data Aggregation and Recovery for Wireless Sensor Networks
作者:	黃興燦;江振瑞
贡献者:	資訊工程系
关键词:	資料匯集;資料還原;資料完整性;資料隱私性;竄改偵測;無線感測網路;研究領域：資訊科學--軟體
日期:	2011-08-01
上传时间:	2012-01-17 19:07:12 (UTC+8)
出版者:	行政院國家科學委員會
摘要:	資料聚合(data aggregation)利用無線感測網路(wireless sensor network, WSN)中感測器節點的資料處理能，在傳輸資料時即進行統計運算(加總或取平均等)，並以統計結果取代原始數據送回資料匯集節點(sink node)，以降低資料傳輸量，節省能源消耗。但是因為個別原始資料與其來源節點資訊會在資料聚合的過程中消失，因此攻擊者可以任意竄改資料或送出假資料而不被查覺。為了解決這些問題，本計畫預計發展一個安全的多維資料聚合與還原機制，讓匯集節點能夠由最終匯集資料還原出每一筆原始資料，並且具有竄改偵測(tampering detection)能力與推測注入錯誤資料(injecting false data)節點的能力。在所提出的架構下，我們假設感測器節點能夠使用不同的感測模組感測到表示成整數的多維度(multidimensional)資料，並使用中國餘數定理(Chinese remainder theorem)或背包問題(knapsack problem)所衍生出的多維對一維的可逆函數作為聚合函數，將感應到的多維感測資料聚合成一個稱為維度聚合結果(Dimensional Aggregation Result, DAR)的較大整數。而匯集節點具有這些可逆函數的後門(trapdoor)資訊，可以迅速的由維度聚合結果還原出每個維度的原始資料。另外，每個節點的維度聚合結果再依匯集節點所知悉並指定的路徑產生一系列的路徑聚合結果(Path Aggregation Result, PAR)。明確的說，每個節點會利用本身的路徑匯集金鑰(Path Aggregation Key, PAK)，搭配本身的DAR與前一節點的PAR以產生本身的PAR。而匯集節點則依路徑相反順序，搭配路徑上各節點的PAK還原出每個節點的PAR，然後再以可逆函數後門資訊還原出每個感測器節點的原始資料。因為能將感測器節點的原始資料還原，我們可以將傳輸序號作為額外資訊與感測資料一併傳送，再藉由比對傳輸序號達到驗證資料完整性(integrity)的目的。綜合而言，我們所設計的資料聚合與還原機制預計能夠達到以下目標:  隱私性(Privacy): 只有資料來源與匯集節點能夠知道其感測資訊。 多維聚合(Multidimensional Aggregation):多種不同的感測資料能被聚合後傳送。 竄改偵測(Tampering Detection): 一旦聚合資料被竄改或有感測器節點送出假資料，匯集節點能發覺並找出可疑的感測器節點。 原始資料還原(Raw Data Recovery): 匯集節點能從聚合結果還原所有感測器節點的原始資料。 Data aggregation is a technique widely used in the wireless sensor network (WSN) to reduce communication overheads by aggregating the sensed data while transferring them to the sink node. Instead of reporting the original raw data, the data aggregation technique transmits the statistical results (e.g., the average, the summation and the maximum) of the data sensed by different sensor nodes. However, data aggregation may encounter some problems, such as false data injection and data tampering, since the raw data and their sources are missing after in-network aggregation. In order to overcome the problems, we propose a novel secure multidimensional data aggregation and recovery scheme by which the raw data of each data source can be securely aggregated and recovered, and any tampering attack or false data injection attack can be detected and identified. In the proposed scheme, an aggregation path is constructed before forwarding the sensed data. We assume that the sink node knows the node order of the aggregation path. The multidimensional readings of a sensor node are locally and securely aggregated as a large integer called dimensional aggregation result (DAR) with the help of an invertible function derived by the Chinese Remainder Theorem or the knapsack problem. The sink node knows the trapdoor of the invertible function and thus can recover the data of each dimension. The DARs of the sensor nodes on the path are then aggregated to form the final path aggregation result (PAR). To be more precise, each node on the path will generate its own PAR by using its own path aggregation key (PAK) to combine its DAR and the PAR coming from the preceding node in the path. After receiving the final PAR, the sink node can recover the PAR of each sensor node by using sensor node’s PAR according to the reverse node order of the path. The sink node can then recover the data of each dimension for each sensor node. It is noted that a sequence number of data transmission is treated as an extra data dimension of each sensor node for verifying the data integrity. By keeping track of the sequence number, the sink node can verify data integrity after it obtains the raw data. To sum up, the project aims to construct a data aggregation and recovery scheme that has the following features:  Privacy preserving: Only the data source node and the sink node can access the sensed data.  Multidimensional aggregation: Multiple sensed data of different dimensions can be aggregated securely.  Tampering detection: The sink node can figure out the suspicious nodes if the aggregated data are altered.  Raw data recovery: The sink node can derive the original sensed data of each source node from the aggregated data. 研究期間：10008 ~ 10107
關聯:	財團法人國家實驗研究院科技政策研究與資訊中心
显示于类别:	[資訊工程學系] 研究計畫

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	487	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....