KR101026764B1 - Secure Data Aggregation Using Data Randomization in Sensor Network and a cluster head therefor - Google Patents

Abstract

The present invention provides a data collection method in a sensor network including a plurality of sensor nodes, a cluster head connected to a plurality of sensor nodes, and a base station connected to a plurality of cluster heads, wherein the cluster head is configured to sense data randomized from the sensor node. Receiving; Derandomizing the received randomized sensed data; Generating a partial collection value (PAV) by executing a collection function on the derandomized sensed data; Encrypting the generated partial collection value; And transmitting the encrypted partial collection value to the base station.

Sensor Network, Cluster Head, Acquisition Function, Data Acquisition, Randomization, Encryption

Description

Secure Data Aggregation Using Data Randomization in Sensor Network and a cluster head therefor}

The present invention relates to a sensor network for collecting and processing information using sensor equipment, and more particularly, to a data collection method and apparatus in a cluster-based wireless sensor network.

The present invention is derived from a study conducted as part of the ubiquitous source technology development project of the Ministry of Knowledge Economy and the Ministry of Information and Communication Research and Development. [Task management number: 2005-Y-001-04, Task name: Development of next-generation security technology].

The wireless sensor network is a wireless network designed to detect and collect information generated in a specific area for various applications such as a remote monitoring system, telemedicine and unmanned exploration, and to transmit this information to a user through a wireless communication technique. Wireless sensor networks (WSNs) are composed of sensor nodes with various sensing, data processing, and wireless communication functions for perception of surrounding conditions. It detects the surrounding environment information and sends it to the network in real time to process and manage the related information. As a result of detecting objects or environmental information from tags and sensors, storing, processing and integrating them to create and utilize context-aware information and knowledge contents, an intelligent infrastructure that enables anyone to use the necessary knowledge and services at any time and place. It becomes possible.

WSN is generally composed of large sensor nodes for the accuracy of sensing and expansion of detection area. Therefore, in order to deliver information detected by various types of sensors to the BS without threat of eavesdropping or forgery in large networking environments There is a need for mutual authentication between sensor nodes and to secure data communication.

In other words, data collection is an essential function of WSN, but since various applications of WSN have sensitive data, security is necessary to collect data without leaking personal information (or data). .

In the past, several cryptographic structures and scenarios have been used for the security of data collection. In its simplest form, the security scheme is based on the structure in which the data record is encrypted on the sensor side and the collector decrypts and collects the data record using symmetric or asymmetric keys. Another advanced model is collection-based encryption, including homemorphism encryption and collection message authentication codes. All of the research results to date require two things:

(1) Presence of security structures in symmetric or asymmetric key structure models

(2) overhead required to encrypt / decrypt data

The purpose of this patent is to improve the overhead of the two issues involved in conventional data collection. In the present invention, the following two methods are provided so that a wide range of collection functions can be applied while providing reasonable security.

(1) Pure randomization-only method

(2) hybrid system

According to an aspect of the present invention, a data collection method in a sensor network including a plurality of sensor nodes, a cluster head connected to a plurality of sensor nodes, and a base station connected to a plurality of cluster heads, the cluster head comprising: a sensor node Receiving randomized sensing data from the apparatus; Derandomizing the received randomized sensed data; Generating a partial collection value (PAV) by executing a collection function on the derandomized sensed data; Encrypting the generated partial collection value; A data collection method is provided, comprising transmitting the encrypted partial collection value to a base station.

In the data collection method, a distribution parameter for randomization and derandomization may be shared between a cluster head and sensor nodes connected to the cluster head.

In the data collection method, the randomized sensed data may be randomized using a first random nonce generated based on the distribution parameter.

In the derandomizing step, derandomization may be performed using a second random nonce generated based on the distribution parameter.

According to an aspect of the present invention, a data collection method in a sensor network including a plurality of sensor nodes, a cluster head connected to a plurality of sensor nodes, and a base station connected to a plurality of cluster heads, the sensor connected to the cluster head The nodes are divided into a first subgroup using randomization and a second subgroup using encryption, and receive randomized sensed data from the first subgroup, and receive encrypted sensed data from the second subgroup. step; Performing derandomization and decryption on the received randomized sensed data and encrypted sensed data, respectively; Executing a collection function on the derandomized and decrypted sensed data to generate a randomized partial collection value (RPAV) and an encrypted partial collection value (EPAV), respectively; Generating a partial collection value (PAV) by performing a predetermined collection function on the randomized partial collection value (RPAV) and the encrypted partial collection value (EPAV); There is provided a data collection method comprising the step of encrypting the partial collection value and transmitting it to a base station.

In the data collection method, a distribution parameter for randomization and derandomization is shared with a sensor node belonging to a first subgroup, and a symmetric key for encryption and decryption is set with a sensor node belonging to a second subgroup. It may be.

In the data collection method, a flag indicating the randomization and encryption may be inserted into the randomized sensed data and the encrypted sensed data, respectively.

According to an aspect of the present invention, a cluster head in a sensor network connected to a plurality of sensor nodes and a base station, the cluster head comprising: a first communication unit for receiving randomized sensing data from a sensor node; A derandomizer for derandomizing the randomized sensed data; A partial collection value calculation unit configured to generate a partial collection value by executing a collection function on the derandomized sensed data; A cluster head including a second communication unit for transmitting the partial collection value to a base station is provided.

According to an aspect of the present invention, a cluster head in a sensor network connected to a plurality of sensor nodes and a base station, wherein the sensor nodes connected to the cluster head comprise a first subgroup using randomization and a second using encryption. The cluster head may be divided into subgroups, and the cluster head may include: a first communication unit configured to receive randomized sensing data from a first subgroup and to receive encrypted sensing data from a second subgroup; A derandomizer for derandomizing the received randomized sensed data; A decryption unit which decrypts the received encrypted sensed data; A collection function is executed on the derandomized and decrypted sensed data to generate a randomized partial collection value and an encrypted partial collection value, respectively, and a collection function is performed on the randomized partial collection value and the encrypted partial collection value to perform a partial collection value. A partial collection value calculation unit generating a; Provided is a cluster head including a second communication unit for encrypting the partial collection value and transmitting it to a base station.

The cluster head may further include a controller configured to determine whether to derandomize or decode the sensed data received from the sensor node.

Data randomization reduces the sensor node overhead (average of the overall overhead) and provides acquisition accuracy and precision while maintaining the security of single data.

The present invention proposes the following two structures to achieve the above technical problem.

The first method is a randomization-only method where the collection function is reapplied where the single data records are hidden at the sensor node side and random factors are removed at the collector side. A collection can contain a number of functions, but in this way it is possible to apply several collection functions such as summation, mean, and count.

The second approach is a hybrid approach that divides the entire network into two parts, depending on the mechanism used for protecting individual data, in order to maximize the applicable function. One part of the entire network protects the individual data using randomization so that the total sum of the overheads is small, while the other part is an existing method, such as encryption-based methods. The collection method is used to protect the data. By doing this, not only the functions such as sum, mean, and count mentioned above, but also other functions such as minimum and maximum can be calculated accurately.

FIG. 1 illustrates a basic structure of a general sensor network. The sensor network includes a sensor field in which sensor nodes are arranged as shown in FIG. 1, and a data collection node connecting the sensor field and an external network. . That is, the user or the application may transmit a query to the sensor node of the sensor field through the data collection node or receive data collected in the sensor field. In this case, data collection from the sensor network is performed by transmitting sensing data collected by each sensor node to the data collection node. In the conventional data transmission method, a direct transmission method directly transmits data sensed by the sensor node. The energy consumption of sensor nodes far away from the data collection node is high. Minimum Transmission Energy (MTE) is a method in which sensor nodes on a multi-hop path collect data from neighbor nodes and transmit data to neighboring data collection nodes. As sensing data that needs to be routed increases, energy consumption is high, and transmission delay may occur because an intermediate node needs to be awakened to establish a data transmission path. Therefore, the energy consumption characteristics of the direct transmission method and the minimum energy transmission method are not suitable for application to energy-constrained sensor networks.

In addition, the data-centric routing scheme is more efficient than the direct transmission or multi-transmission scheme in data transmission and collection, but it is used as a routing method because there are many control messages for routing setup and a large overhead such as setup time. There is a limit to this. Due to the limitations of the data-centric routing scheme, the cluster-based routing scheme is proposed. Cluster-based routing techniques are used to reduce energy waste due to redundant transfer of similar information between adjacent nodes in the sensor network.

As shown in Fig. 2, the network to which the present invention is applied is a wireless sensor network composed of different clusters. For example, a three-tier model is shown in FIG. 2. This three-tier network is an example of a large network generally composed of numerous sensor nodes and classified into a plurality of clusters. . A cluster means a functional group unit in which each cluster has a cluster head (CH). Each cluster in this network consists of dozens to hundreds of typical sensor nodes and a single cluster head. Each cluster has a backbone node that is updated frequently to maintain fairness of power consumption. The different clusters communicate with a powerful computing entity called a base station (BS) or sink node. Different nodes in the same cluster communicate indirectly with the base station by forwarding their messages to the cluster head. A base station is typically a kind of special kind of sensor node that is connected to a computer.

Now, with reference to Figure 3a, the pure randomization scheme provided in the present invention will be described. In order to maintain the security of the collected data, a randomization method is used, and the detailed process is as follows. In the initialization step, nodes in the same cluster share distribution parameters required as entries for a randomization procedure (S301). This assigns several parameters for noise realization. Given normalized noise, the initialization step includes loading the standard deviation σ and the average μ.

Given a data vector D = [d1, d2, ..., dn] representing the sensed data of a series of sensor nodes S1, S2, ..., Sn, random realization belonging to the random variable X ( Or noise) x1, x2, ..., xn are generated (S302), and the masking value yi value for the data is calculated and added to the cluster head by summing it with the sense data vector (yi = xi + di) ( S303). The cluster head then generates a second random nonce (S304) and performs de-randomization (i.e., a reverse process of the above-described process) in such a manner as to sum up with the masking value yi (S305). A collection process is performed (or a collection function is applied) to obtain a partial collection value (PAV) (S306), and the PAV is transmitted to the base station (BS) in a traditional security scheme (ie, encryption) (S307). However, since the derandomization process guarantees a statistical property rather than an exact value, it may be applied to functions except for collecting functions such as minimum and maximum values.

3B shows a configuration of a cluster head for performing the above function. The cluster head according to the present invention includes a first communication unit 303 for receiving randomized sensing data from the sensor node 32. The first communication unit 303 transfers the sensing data received from the sensor node 32 to the control unit 304. The controller 304 transmits the randomized sensed data to the derandomizer 305, and the derandomizer 306 derandomizes the randomized sensed data using the same distribution parameter as that of the sensor node. Perform the process. When the derandomization unit 306 completes the derandomization process, the derandomized sensing data is transferred to the partial collection value calculator 307. The partial collection value calculator 307 generates a partial collection value PAV for the derandomized sensed data by a predetermined function. Then, the partial collection value PAV is transmitted to the base station through the first communication unit 302 through a process such as encryption. The first communication unit 303 and the second communication unit 302 serve as a receiver or a transmitter, and may be integrated into one element. In addition, some or all of the controller 304, the derandomizer 305, and the partial collection value calculator 307 may be implemented in a single processor of the cluster head.

As shown in FIG. 4, the present invention provides a hybrid scheme to support more various statistical characteristics (other statistical characteristics such as minimum and maximum values). In this approach also some of the sensors in the same cluster are assigned to perform a randomization scheme, while others are allocated to perform a traditional collection scheme using an encryption method. While the encryption method ensures the accuracy of the overall collection and is applicable to most collection functions, the randomization process for some data will enable statistically valid collection while reducing overall computational requirements.

In a hybrid approach, nodes in the same cluster are divided into two subgroups. One group performs the above-described randomization procedure for secure data collection while the other subgroup performs the encryption based collection procedure. Assume that the number of nodes performing the randomization procedure is n1, the number of nodes performing the encryption scheme is n2, and n1 + n2 = c. In the initialization steps S401 and S402, the nodes in the subgroup to perform the randomization procedure for secure data collection are distributed parameters for randomization (i.e., sigma and μ) as in the initialization step of the pure randomization method described above. ) Will be shared (S402). Meanwhile, nodes that will perform an encryption-based method for collecting security data share a setting for encryption (S401). That is, when using a symmetric key setting scheme, the nodes and the cluster head share symmetric keys so that the scheme can be used to encrypt and decrypt data traffic (S401).

Each sensor node checks its own setting to identify a subgroup to which it belongs and a protocol to be used for data collection (S403 and S404). On the sensor node side, in the initializing step (S401, S402), checking the protocol (S403, S404), or performing the encryption or randomization process (S405, S406), or in step S407, there are two methods. A flag may be defined or generated as an identifier for distinguishing a. Specifically, a flag of '0' may be added to a packet including data that has been subjected to a randomization process, and a flag of '1' may be added or inserted to a packet containing data that has been subjected to an encryption process.

The cluster head receives both the randomized sensed data and the encrypted sensed data so that the flag determines whether the cluster head applies the derandomization process or the decryption process. Then, encryption (S405) or randomization (S406) of the sensed data is performed according to the confirmed protocol, and a flag indicating a used protocol is generated and inserted into the performed data (S407). The cluster head receives both the randomized sensed data and the encrypted sensed data to identify the manner to be performed from the flag.

For data from sensors in the randomization group, the cluster head generates random values [z1, z2, ..., zn ₁ ]. In this case, each value zi is a realization of a random variable having the same statistical characteristics as noise generation. Then, the cluster head sends the detected data to [d'1, d'2, ..., d'n1] = [y1, y2, ..., yn1]-[z1, z2, ..., zn1. The derandomization process is performed according to] (S409). For data [y1, y2, ..., yn1] from sensors in the encryption subgroup, the cluster head decrypts the received data so that [d1, d2, ... dn2] = Dk ([y1, y2, ..., yn2]) is generated (S408). In this case, D is a decryption method and K is a shared key between corresponding sensor nodes and the cluster head. The derandomization or encryption process may include generating a partial collection value for each, wherein the cluster head applies a collection function to the derandomized and decrypted data, randomly collecting the partial collection values for each. Generate a partial collection value (RPAV) and an encrypted partial collection value (EPAV).

The cluster head performs a collection function on the partial collection values RPAV and EPAV of the two subgroups, calculates a PAV, encrypts it, and transmits it to the base station (S410). Then, when decoding is performed on the transmitted values to obtain PAVs from the cluster heads, a predetermined collection function is performed to calculate the final collection value (S411).

Referring back to FIG. 3B, the operation of the cluster head when the hybrid scheme is performed will be described. The cluster head according to the present invention includes a first communication unit 303 for receiving randomized sensed data and encrypted sensed data from the sensor node 32. The first communication unit 303 transfers the sensing data received from the sensor node 32 to the control unit 304. The controller 304 determines whether the sensed data is randomized or encrypted through a flag inserted in the sensed data. Upon determining the performed protocol, the randomized detection data is transmitted to the derandomization unit 305 to perform the derandomization process, and the derandomization unit 306 uses the same distribution parameters as those of the sensor node. The derandomization process is performed on the randomized sensed data. Meanwhile, the encrypted sensed data is transferred to the decryption unit 306 to perform a decryption process. Then, the decryption unit 306 performs a decryption process on the encrypted sensed data with a previously shared encryption / decryption key.

When the derandomization unit 306 and the decoding unit 306 complete the derandomization and decoding process, respectively, the derandomized sensed data and the decoded sensed data are transferred to the partial collection value calculator 307. The partial collection value calculator 307 generates a partial collection value RPAV for the derandomized sensed data and a partial collection value EPAV for the encrypted sensed data with a predetermined function. Then, the partial collection value calculation unit performs a collection function once more to calculate a partial collection value (PAV) from the randomized partial collection value and the encrypted partial collection value, and encrypts the first communication unit 302 through a process such as encryption. Transmit to base station via. The first communication unit 303 and the second communication unit 302 serve as a receiver or a transmitter, and may be integrated into one element. In addition, some or all of the controller 304, the derandomizer 305, the decoder 306, and the partial collection value calculator 307 may be implemented in a single processor of the cluster head.

Referring to FIG. 5, the randomization process will be described in more detail by dividing the randomization process into three substeps performed at the node side, the cluster head, and the base station.

On the sensor node side, each node Si in a cluster of size c with sense data values di produces a random nonce xi∈X (where X is a normal distribution with mean of μ and standard deviation of σ). Is a random variable of). Node si then computes the masking value yi value for the data as yi = xi + di. Node si then passes the masking value yi to the cluster head.

On the cluster head side, each corresponding masking value y1, y2, ..., yc is received from other nodes in the same cluster that have performed the same steps, namely nodes s1, s2, ..., sc and the same random We generate z1, z2, ..., zc using the conversion parameters (ie, μ and σ). The cluster head then performs derandomization by subtracting the corresponding random value zi from the value yi to produce di. That is, the cluster head calculates d'i = yi-zi (0 <i ≤ c). Thereafter, the cluster head executes a collection function on the result with f (d'1, d'2, ..., d'c), and encrypts the result with a pre-shared key. To the base station (BS). This result is called a partial aggregation value (PAV).

On the base station side, for different encrypted values received from various cluster heads, the base station decrypts and receives the PAVs to derive the final collection result and applies the collection function of the base station to the PAVs.

As noted, the randomization process hides individual sensed values but retains several statistical characteristics after the above mentioned derandomization process, which basically includes averages, sums, and counts.

Referring to FIG. 6, the hybrid scheme will be described in detail. The hybrid scheme is likewise composed of three sub-steps.

On the sensor node side, each node in the cluster of size c determines its configuration and decides whether to randomize or encrypt its data and then forward the decision to the cluster head. That is, the following steps are performed.

i. If the node belongs to the randomization subgroup, the node performs the same procedure as described in the previous protocol. That is, the node generates a random nonce xi∈X and computes yi = xi + di. The same procedure is performed by all nodes n1 belonging to the randomization subgroup. Randomized values are passed to the cluster head.

ii. If the node belongs to an encryption subgroup, the sense data is encrypted and then forwarded to the cluster head. That is, each node in nodes n2 that will perform the encryption procedure will calculate E _k (d _i ), where E is the encryption algorithm and k is the shared key between the node and the cluster head. Thereafter, the node forwards the encrypted sense data to the cluster head.

In the sensor node side, a flag is defined as an identifier for distinguishing the two methods. A flag of '0' may be added to a packet including data that has been subjected to a randomization process, and a flag of '1' may be added or inserted to a packet containing data that has been subjected to an encryption process.

The cluster head receives both the randomized sensed data and the encrypted sensed data so that the flag determines whether the cluster head applies the derandomization process or the decryption process.

i. For data [y1, y2, ..., yn] from the sensors in the randomization group, the cluster head generates random values [z1, z2, ..., zn1]. In this case, each value zi is a realization of a random variable having the same statistical characteristics as noise generation. Then, the cluster head sends the detected data to [d'1, d'2, ..., d'n1] = [y1, y2, ..., yn1]-[z1, z2, ..., zn1. ] To calculate.

ii. For data [y1, y2, ..., yn1] from sensors in the encryption subgroup, the cluster head decrypts the received data so that [d1, d2, ... dn2] = Dk ([y1, y2, ..., yn2]). In this case, D is a decryption method and K is a shared key between corresponding sensor nodes and the cluster head.

iii. Thereafter, the cluster head performs a collection function on each partial collection value RPAV and EPAV of the two subgroups according to the results of (i) and (ii) to generate a PAV, encrypts it, and sends it to the base station.

At the base station side, for the various encrypted PAVs received from the various cluster heads, the PAVs are received by decryption to derive the final collection result and the BS's collection function is applied to them.

와 같이 연산하고, 평균(mean) 수집 함수는

와 같이 연산한다. 다른 전형적인 수집 함수는 min/max 함수, 카운트 함수(여러 수집 값들을 나타내는 데이터 벡터에서 데이터 레코드의 수를 계산함), 편차 등을 포함한다.In the present invention, the mathematical collection function f (a1, a1, ..., ac) used for converting a collection value into various kinds of values is a single value which takes c inputs and varies according to the type of the collection function. (agg) For example, the summing collection function

And the mean collection function

Calculate as Other typical acquisition functions include min / max functions, count functions (counting the number of data records in a data vector representing multiple collection values), deviations, and the like.

The invention can also be embodied as computer readable code. The computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system is stored. Examples of computer-readable recording media include ROM, RAM, CD_ROM, magnetic tape, floppy disks, optical data storage devices, and the like, and also include those implemented in the form of carrier waves, for example, transmission over the Internet. The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

As described above, optimal embodiments have been disclosed in the drawings and the specification. Herein, specific terms have been used, but they are used only for the purpose of illustrating the present invention and are not intended to limit the scope of the present invention as defined in the claims or the claims. Therefore, those skilled in the art will understand that various modifications and equivalent other embodiments are possible therefrom. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

1 shows a general node configuration of a wireless sensor network.

2 illustrates a topology of a cluster-based wireless sensor network in accordance with one embodiment of the present invention.

Figure 3a schematically illustrates the process of collecting data using the pure randomization protocol according to the present invention.

3b shows a configuration of a cluster head according to the present invention.

4 schematically illustrates a process of collecting data using a hybrid protocol according to the present invention.

FIG. 5 shows the algorithm for the pure randomization protocol of FIG. 3A divided into three layers.

FIG. 6 illustrates an algorithm for the hybrid randomization protocol of FIG. 4 divided into three layers.

Claims (10)

A data collection method in a sensor network comprising a plurality of sensor nodes, a cluster head connected to a plurality of sensor nodes, and a base station connected to a plurality of cluster heads, the cluster head comprising: Receiving randomized sensing data from a sensor node; Derandomizing the received randomized sensed data; Generating a partial collection value (PAV) by executing a collection function on the derandomized sensed data; Encrypting the generated partial collection value; And transmitting the encrypted partial collection value to a base station. The method according to claim 1, A distribution parameter for randomization and derandomization is shared between a cluster head and sensor nodes connected to the cluster head. The method according to claim 2, The randomized sensed data is randomized using the first random nonce generated based on the distribution parameter. The method according to claim 2, In the derandomizing step, derandomization is performed using a second random nonce generated based on the distribution parameter. A data collection method in a sensor network comprising a plurality of sensor nodes, a cluster head connected to a plurality of sensor nodes, and a base station connected to a plurality of cluster heads, wherein the sensor nodes connected to the cluster head are configured to use randomization. Divided into one subgroup and a second subgroup using encryption, wherein the cluster head Receiving randomized sensed data from a first subgroup, and receiving encrypted sensed data from a second subgroup; Performing derandomization and decryption on the received randomized sensed data and encrypted sensed data, respectively; Executing a collection function on the derandomized and decrypted sensed data to generate a randomized partial collection value (RPAV) and an encrypted partial collection value (EPAV), respectively; Generating a partial collection value (PAV) by performing a collection function on the randomized partial collection value (RPAV) and the encrypted partial collection value (EPAV); Encrypting the partial collection value and transmitting the encrypted data to a base station. The method according to claim 5, Distribution parameters for randomization and derandomization are shared with sensor nodes belonging to the first subgroup, And a symmetric key for encryption and decryption is set with the sensor node belonging to the second subgroup. The method according to claim 5, And a flag indicating the randomization and encryption is inserted into the randomized sensed data and the encrypted sensed data, respectively. A cluster head in a sensor network connected to a plurality of sensor nodes and a base station, A first communication unit configured to receive randomized sensing data from a sensor node; A derandomizer for derandomizing the randomized sensed data; A partial collection value calculation unit configured to generate a partial collection value by executing a collection function on the derandomized sensed data; And a second communication unit for transmitting the partial collection value to a base station. A cluster head in a sensor network connected to a plurality of sensor nodes and a base station, wherein the sensor nodes connected to the cluster head are divided into a first subgroup using randomization and a second subgroup using encryption, and the cluster Head is, A first communication unit configured to receive randomized sensed data from the first subgroup and receive encrypted sensed data from the second subgroup; A derandomizer for derandomizing the received randomized sensed data; A decryption unit which decrypts the received encrypted sensed data; A collection function is executed on the derandomized and decrypted sensed data to generate a randomized partial collection value and an encrypted partial collection value, respectively, and a collection function is performed on the randomized partial collection value and the encrypted partial collection value to perform a partial collection value. A partial collection value calculation unit generating a; And a second communication unit for encrypting the partial collection value and transmitting the encrypted portion to the base station. The method according to claim 9, And a controller configured to determine whether to derandomize or decode the sensed data received from the sensor node.

Images