International Journal of Computer Trends and Technology (IJCTT) volume 8 number 2 Feb 2014

ISSN: 2231-2803 http://www.ijcttjournal.org Page110

Survey on End-To-End Confidentiality in
Wireless Sensor Networks
T.Gowtham
1
, D.Sathya
2

1
( Student, Kumaraguru College of Technology, Coimbatore, Tamil Nadu, India)
2
(Assistant Professor, Department of Computer Science and Engineering, Kumaraguru College of Technology,
Coimbatore, Tamil Nadu, India)

ABSTRACT: A wireless sensor network (WSN)
is a collection of a large number of sensor nodes
and few sink nodes that have limited Computation,
communication and power resources. Data
aggregation is used to reduce amount of data
transmission and increases the lifetime of sensors.
Data aggregation is the process of combining the
raw data from one or more sensor nodes and
performs operations as min, max, count, avg. The
sensor nodes are often deployed in hostile
environment so the aggregated result should be
protected from the various types of attacks in order
to achieve the data integrity-confidentiality and
authentication. The various approaches given for
the secure data aggregation is classified into two
groups, secure data aggregation on unencrypted
data and secure data aggregation on encrypted
data. The paper proposes a detailed survey on
secure data aggregation on encrypted data.
Keywords - Data aggregation, Encryption,
Decryption, Integrity, confidentiality,
authentication, security.
I. INTRODUCTION
Advances in robotics have made it possible
to develop a variety of new architectures for
autonomous wireless sensor networks. Mobile
nodes, essentially small robots with sensing,
wireless communications, and movement
capabilities, are useful for tasks such as static sensor
deployment. These advanced sensor network
architectures could be used for a variety of
applications including intruder detection, border
monitoring, and military patrols. In potentially
hostile environments, the security of unattended
mobile nodes is extremely critical. The attacker may
be able to capture and compromise mobile nodes,
and then use them to inject fake data, disrupt
network operations, and eavesdrop on network
communications[1].
As sensor networks become wide-spread
in different environments, security issues become a
central concern, especially in mission-critical tasks.
To protect information fromthe various types of
attacks in order to achieve the data integrity-
confidentiality and authentication, secure data
aggregation is introduced.


1.1 Importance of Security in WSN
Computer networks created a revolution in the use
of information. Information is now distributed.
Authorized people can send and retrieve
information from a distance using computer
networks. Although the three above mentioned
requirements confidentiality, integrity, and
availability have not changed, these have some new
dimensions. Not only should information be
confidential when it is stored in a computer, there
should also be a way to maintain its confidentiality
when it is transmitted from one computer to
another. When data is transmitted with aggregation
it enhances the lifetime of sensor and reduces the
energy consumption by eliminating the
redundancy.

1.2 Secure Data Aggregation
In order to save resources and energy, data must be
aggregated to avoid overwhelming amounts of
traffic in the network. Aggregation is the process of
performing some operation on the data sensed by
sensor nodes and reports the aggregated data to a
central node, called sink. Data aggregation is the
process of combining the raw data from one or
more sensor nodes and performs operations as min,
max, count, avg. The sensor nodes are often
deployed in hostile environment so the aggregated
result should be protected fromthe various types of
attacks in order to achieve the security issues. The
various approaches given for the secure data
aggregation is classified into two group, secure
data aggregation on unencrypted data and secure
data aggregation on encrypted data. Secure data
aggregation on unencrypted data means the
aggregator node decrypts, performs aggregation,
encrypts and forward to the Base station.

II. Secure data aggregation on
encrypted
Secure data aggregation on unencrypted data
leads some security attacks such as node
compromise, fake data injection, latency, due to
data decryption on aggregator node. In secure data
aggregation on encrypted data, the aggregator node
performs the aggregation on encrypted data without
decrypting it and forward to the Base station.
Various end-to-end secure data aggregation
protocols are discussed below:-

International Journal of Computer Trends and Technology (IJCTT) volume 8 number 2 Feb 2014
ISSN: 2231-2803 http://www.ijcttjournal.org Page111


2.1. Secure Data Aggregation Scheme (SDAS)
for Clustered WSN
Secure data aggregation scheme[3] for
clustered wireless sensor networks on this, the
encrypted sensor readings are transmitted to the
cluster head with MAC and the cluster head
process the encrypted data without decryption. For
the readings have the same value and come from
different sensor nodes, the cluster head remains the
nodes identifiers in data aggregation process to
provide the information for global data distribution.
Except providing data privacy protection, the
scheme had better performances in resilient against
active attack, node compromise attack and DoS
attack.

2.1.1. Implementation
It is designed for static cluster wireless
network in non-overlapping clusters.
Systeminitialization:
Let S Sensors (their ids,.. S
1
, S
2
, S
N
,
respectively)
(e
1
, e
2
,,e
N
) RandomKeys
m() , h() - One way functions
Data Encryption:
Let S
i
- Clusters
AG
i
- Cluster Head
v
i
- Sensor Reading
K
i
- Pair wise Key
Then,
<S
i
|| c || (v
i
XOR m(r
i
)) || ( e
i
XOR r
i
) ||
m(m(r
i
)) || MAC>
And MAC as follows,
<MAC =h(k
i
|| c || (m
i
XOR m(r
i
)) || (k
i

XOR r
i
) || m(m(r
i
)))>
The , data decryption, is done in base station, at
first, BS aggregates the data come fromneighbor
sensors and child aggregators in the same way with
mid aggregators. Then, BS decrypts the sensor
reading as follow[4]:
M
i
=<S
i
|| (v
i
XOR m(r
i
)) || ( k
i
XOR r
i
) ||
m(m(r
i
)) , IDList>

Drawbacks
1. Node compromise.
2. End-End but security is insufficient with
active attacks.

2.2. Recoverable Concealed Data Aggregation for
Data Integrity (RCDA)
In RCDA Data aggregation schemes[1]
provide better security compared with traditional
aggregation schemes. Since cluster heads
(aggregator) can directly aggregate the cipher texts
without decryption and consequently transmission
overhead is reduced. The base station only retrieves
the aggregated result, not individual data, which
causes two problems. First, the usage of
aggregation functions is constrained. For example,
the base station cannot retrieve the maximumvalue
of all sensing data if the aggregated result is the
summation of sensing data. Second, the base
station cannot confirm data integrity and
authenticity via attaching message digests or
signatures to each sensing sample. Above two
drawbacks can be overcome by, recovering all
sensing data even the data has been aggregated.
This property is called recoverable.
A well-known approach named Concealed
Data Aggregation (CDA) has been proposed based
on these two ideas. CDA provides both end-to-end
encryption and in-networking processing in WSN.
Since CDA applies privacy homomorphism(PH)
encryption with additive homomorphism, cluster
heads are capable of executing addition operations
on encrypted numeric data. Later, several PH-based
data aggregation schemes have been proposed to
achieve higher security levels. In the above PH-
based schemes the base station receives only the
aggregated results. It brings two problems. In
beginning the usage of aggregation functions is
constrained. For example, these schemes only
allow cluster heads to perform additive operations
on cipher texts sent by sensors therefore, they are
ineffective if the base station desires to query the
maximumvalue of all sensing data. Second, the
base station cannot verify the integrity and
authenticity of each sensing data. These problems
seemto be solved if the base station can receive all
sensing data rather than aggregated results, but this
method is in direct contradiction to the concept of
data aggregationthat the base station obtains only
aggregated results. This design is an approach that
allows the base station to receive all sensing data
but still reduce the transmission overhead.
In RCDA [1], a base station can recover
each sensing data generated by all sensors even if
these data have been aggregated by cluster heads
(aggregators). With these individual data, two
functionalities are provided. First, the base station
can verify the integrity and authenticity of all
sensing data. Second, the base station can perform
any aggregation functions on them. RCDA
schemes named RCDA-HOMO and RCDA-HETE
for homogeneous and heterogeneous WSN
respectively defined here.
Two signature schemes such as Mykletun et
al.s and Boneh et al.s scheme were followed by
six steps namely [1]:
1. key generation (KeyGen),
2. signing (Sign),
3. verifying
4. (Verify),
5. aggregation (Agg), and
6. Verifying aggregated signature (Agg-
Verify).

Drawbacks
1. Use of aggregation function is
constrained.
International Journal of Computer Trends and Technology (IJCTT) volume 8 number 2 Feb 2014
ISSN: 2231-2803 http://www.ijcttjournal.org Page112


2.3. Efficient Aggregation of Encrypted Data
In efficient data aggregation [2] each sensor
devices data transmissions is a energy-consuming
tasks, so to increase the lifetime of a WSN it is
essential to minimize the number of bits sent by
each devices. One well known approach is to
aggregate sensor data (e.g., by adding) along the
path from sensors to the sink. Aggregation
becomes especially challenging if end-to-end
privacy between sensors and the sink is required.
An simple and provably secure additively
homomorphic stream cipher that allows efficient
aggregation of encrypted data. The new cipher only
uses modular additions (with very small moduli)
and is therefore very well suited for CPU-
constrained devices. Aggregation based on this
cipher can be used to efficiently compute statistical
values such as mean, variance and standard
deviation of sensed data, while achieving
significant bandwidth gain.
Homomorphic encryption scheme allows
arithmetic operations to be performed on cipher
texts. One example is a multiplicatively
homomorphic scheme, whereby the multiplication
of two cipher texts followed by a decryption
operation yields the same result as, the
multiplication of the two corresponding plaintext
values. Homomorphic encryption schemes are
especially useful in scenarios where someone who
does not have decryption keys needs to perform
arithmetic operations on a set of ciphertexts. A
more formal description of homomorphic
encryptions schemes is as follows.
Let Enc () - probabilistic encryption scheme.
M - message space
C - cipher text space
such that M is a group under operation XOR and C
is a group under operation MUL. Enc() is a
(XOR,MUL) - homomorphic encryption scheme if
for any instance Enc() of the encryption scheme,
given c1 =Enc
k1
(m
1
) and c2 =Enc
k2
(m
2
), there
exists a key k such that
c
1
MUL c
2
=Enc
k
(m
1
XOR m
2
)
In other words, the result of the
application of function XOR on plaintext values
may be obtained by decrypting the result of MUL
applied to the corresponding encrypted values. A
good example is the RSA cryptosystem which is
multiplicatively homomorphic.
The proposed scheme is additively
homomorphic encryption technique. The scheme is
mentioned below. Additively Homomorphic
Encryption Scheme,
Encryption
1. Represent message mas integer m [0,M 1]
where M is large integer.
2. Let k be a randomly generated key stream, where
k [0,M 1].
3. Compute c =Enc(m, k, M) =m+k (mod M).
Decryption
1. Dec(c, k,M) =c k (mod M).
Addition of Cipher texts
1. Let c
1
=Enc(m
1
, k
1
,M) and c
2
=Enc(m
2
, k
2
,M).
2. For k =k
1
+k
2
, Dec (c
1
+c
2
, k,M) =m
1
+m
2
.
Assume that 0 m<M. Due to the commutative
property of addition, the above scheme is
additively homomorphic. In fact, if c
1
=Enc(m
1
,
k
1
,M) and
c
2
=Enc(m
2
, k
2
,M) then
c
1
+c
2
=Enc (m
1
+m2 , k
1
+k
2
,M)
Note, that if n different ciphers c
i
are
added, then M must be larger than

,
otherwise correctness is not provided. In fact if
mi

,is larger than M, decryption will results in

a value m that is smaller than M. . The key stream
k can be generated by using a stream cipher, such
as RC4, keyed with a nodes secret key s
i
and a
unique message id. This secret key pre-computed
and shared between the node and the sink, while
the message id can either be included in the query
fromthe sink or derived fromthe time period in
which the node is sending its values in (assuming
some formof synchronization).

Drawbacks
1. Hop by hop encryption
2. Uses Non Aggregation type of
methodology

2.4. Secure Hierarchical Data Aggregation
Traditional end-to-end security[4] is not
suitable for use with in-network aggregation. A
corrupted sensor has access to the data and can
falsify results. Additively homomorphic encryption
allows for aggregation of encrypted values, with
the result being the same as the result when
unencrypted data was aggregated. Using public key
cryptography, digital signatures can be used to
achieve integrity. The use of homomorphic
encryption and additive digital signatures is to
achieve confidentiality, integrity and availability
for in-network aggregation in wireless sensor
networks.
Homomorphic encryption does not provide
integrity. The, Public key elliptic curve
cryptography, use on digital signatures to provide
integrity. Digital signature schemes are not
homomorphic. Hence two signatures generated on
two different messages cannot be combined to
verify the sumof messages.
Elliptic curve digital signatures are used to
provide message integrity and integrity of the
aggregate in addition to data confidentiality.
Elliptic curve cryptography uses curves whose
variables & coefficients are finite.
Each node generates a reading. The reading is
signed with the aggregate signature protocol using
the nodes private key; this is shown as Sig(x).
Each node homomorphically encrypts the reading
with the base stations public key; this is shown as
International Journal of Computer Trends and Technology (IJCTT) volume 8 number 2 Feb 2014
ISSN: 2231-2803 http://www.ijcttjournal.org Page113


Enc(x) . The node sends the secured reading, the
signature and its public key to its parent. After
receiving messages fromall its children, the parent
combines the messages into one. The parent sums
the secured readings, the signatures and the public
keys. If the parent also contributes a reading, that
reading is treated like any other reading. Examples
are SUMENC, SUMSIG and SUMKEY. This
process is repeated by each parent along the path to
the base station.
The base station decrypts the received
message. The sum of the readings was
homomorphically encrypted with the base stations
public key. This allows the base station to decrypt
the. Only the base station which is in possession of
the matching private key is able to decrypt the
readings. For example, Dec(Enc(x)) each node
signed its messages, and these signatures were
combined along the way. The base station can now
verify the sumof the signatures given the sumof
the public keys. The aggregate signature protocol
ensures that only readings fromlegitimate sensors
are included in the aggregate.
Two types of data confidentiality are
necessary in WSNs they, generic confidentiality
and end-to-end confidentiality. Generic
confidentiality means that any node not
participating in the aggregation mechanismis not
able to access the data. End-to-end confidentiality
means that any node participating in the
aggregation mechanism is unable to access the
already aggregated data. The protocol mentioned
above provides security for both types of
confidentiality using symmetric key cryptography
and multiple homomorphic encryptions.

Drawbacks
1. A Corrupted sensor can have access to the
data.
2.5. An Energy-Aware Spanning Tree Algorithm
for Data Aggregation
E-Span which is an energy-aware spanning is
a tree algorithm. E-Span is a distributed protocol
and facilitates the sources within an event region to
perform data aggregation. In E-span, the source
node which has the highest residual energy is
chosen as the root. Other source nodes choose their
corresponding parent node among their neighbors
based on the residual energy and distance to the
root. E-Span is a graph that covers all the nodes as
vertices and contains no cycles. All other nodes are
still connected to the selected root via the shortest-
path route. Since the root is also responsible to
coordinate the routes with distant sinks, the node
with the highest energy level is now chosen as the
root.
Each other node is given with the choice
to select its parent as the highest-energy neighbor
for whomthe shortest path message comes from.
By using the same set of nodes as an example, the
tree will now have node 8 chosen as the root and all
other nodes are still talking to node 8 via the
shortest path route (see in Figure 2.2). Node 6
which finds itself having two shortest-path
neighbors of nodes 2 and 4 will attach itself to the
higher-energy one (i.e. node 2). This allows a node
that has more available resources to be selected
as a parent node. The E-Span protocol is shown in
Figure 2.3.

Fig.1. Connectivity diagram
The configuration message now involves
3 additional parameters: the residual energy of the
node that sends the message, that of the nodes
chosen root, and the nodes chosen parent.



Fig..2. E-Span configurations
8
2
4
6
7
1
3
5
10j
8j
6j
7j
10j
3j
9j
8j
International Journal of Computer Trends and Technology (IJCTT) volume 8 number 2 Feb 2014
ISSN: 2231-2803 http://www.ijcttjournal.org Page114




Fig.2. PPP Architecture
Lines 1 to 3 begin the message exchanges
and restrict these exchanges to be within the event
area [5].
Lines 4 to 7 allow a root to periodically
generate a message every T seconds and reset a
node that loses connection with its parent. Lines 8
to 11 update the list of child nodes for the receiving
node.
Lines 12 to 16 update the message when a node
receives an energy update from its parent, or when
it detects a better shortest-path neighbor or a
higher-energy root. Lines 14 and 15 compare the
receiving node with the root. Line 16 broadcasts
the message if there is a change.
Define: r
n
to be the ID of the root selected by node
n.
d
n
to be the shortest-path distance from rn to node
n.
g
n
=(n, r
n
, d
n
) to be the message sent by node n.
p
n
to be the ID of the parent selected by node n.
t
recv,n
to be the time node n received the message
fromits parent.
Initialize: g
n
to (n, n, 0) for all n N
p
n
to n for all n N
t
recv,n
to 0 for all nN
GetSpan (node ID n, time t, timeframe T)
1 if n is not an event source,
2 return
3 else {single-hop broadcast g
n
and start a timer P
that expires every T sec
4 while true,
5 if timer P expires and (r
n
=n or t >t
recv,n
+T),
6 set g
n
to (n, n, 0)
7 set p
n
to n
8 set t
recv,n
to t
9 single-hop broadcast g
n
10 if receiving a message
g
i
fromnode i,
11 if r
i
<r
n
, or (r
i
=r
n
and d
i
+1 <d
n
),
or (r
i
=r
n
, d
i
+1 =d
n
, and i<=p
n
),
12 set g
n
to (n, r
i
, d
i
+1)
13 set p
n
to i
14 set t
recv,n
to t
15 single-hop broadcast g
n
and restart timer P
Single-hop broadcast corresponds to sending a
packet to all single-hop neighbors. Our proposed E-
Span has the same objective in an attempt to
construct a data aggregation tree and select a
dedicated root for which data is gathered. E-Span,
EDAT, and HEED consider the residual energy,
thereby enhancing the chance of distributing the
loads over higher energy nodes.

CONCLUSION
The paper deals with the techniques used in secure
data aggregation on encrypted data. It provides an
end-to-end security through the data confidentiality
and Integrity. The above techniques mainly
concerned with secure data aggregation.
Recoverable Concealed Data Aggregation for Data
Integrity (RCDA) provides more security than
other traditional data aggregation schemes. There
are some other security issues needs to be resolved.

REFERENCES
[1] Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin,
and Hung-Min Sun RCDA: Recoverable Concealed Data
Aggregation for Data Integrity in Wireless Sensor Networks
IEEE transactions on parallel and distributed systems, vol. 23,
no. 4, april 2012.
[2] Claude Castelluccia, Einar Mykletun, Gene Tsudik
Efficient Aggregation of encrypted data in Wireless Sensor
Networks Second Annual International Conference on Mobile
and Ubiquitous Systems Networking and Services
(MobiQuitous05) 2005.

[3] J ulia Albath, Sanjay Madria Secure Hierarchical
Data Aggregation in Wireless Sensor Networks IEEE
Communications Society subject matter experts for publication
in the WCNC 2009 proceedings.

[4] Stavros Papadopoulos, Aggelos Kiayias, and
Dimitris Papadias Exact In Network Aggregation with
Integrity and Confidentiality IEEE transactions on knowledge
and dataengineering, vol. 24, no. 10, october 2012.

[5] Suat Ozdenir Concealed Data Aggregation in
Heterogeneous Sensor Networks using Privacy
Homomorphism IEEE Conference on Computer Society 2007.

[6] Marc Lee,Vincent W.S. Wong An Energy-Aware
Spanning Tree AlgorithmFor Data Aggregation In Wireless
Sensor NetworksIEEE transactions on knowledge and data
engineering, 0-7803-9195-0/05/$20.00 2005 IEEE.
Policeofficer
(Sensor node)
LOCATION PRIVACY
Mixzone model
(Minimizingintrusiveness)
Attacker
Or
Criminal
Encryption&
Decryption
AppropriateTiming
RFID
PoliceCommissioner (CH)
Aggregation
PatternIdentification
DATABASE (SINK)
Includesintra
nodeand
randomized
routing
8
2
4
1
7
3
6
5
8j
4j
6j
10j
9j
8j
10j
3j