RSAED: Robust and Secure Aggregation of Encrypted Data in Wireless Sensor Networks


Recently, secure in-network aggregation in wireless sensor networks has become a challenging issue, and there is extensive research in this area due to the large number of applications where sensors are deployed and their security needs. In the last few years, aggregation of encrypted data has been proposed in order to maintain secrecy between the sensors and the sink, so that end-to-end data confidentiality is provided. However, data integrity was not addressed. In this paper, we propose RSAED, which allows integrity verification at intermediate nodes, ensures that the base station receives ciphertexts that come only from legitimate nodes, and also improves efficiency. Through implementation results, we evaluate our scheme using computation and communication overhead.


💡 Research Summary

The paper introduces RSAED (Robust and Secure Aggregation of Encrypted Data), a protocol designed to address the dual challenges of confidentiality and integrity in wireless sensor network (WSN) data aggregation. Prior work has largely focused on preserving end‑to‑end confidentiality by employing homomorphic encryption schemes (e.g., Paillier) that allow intermediate nodes to aggregate encrypted sensor readings without decrypting them. However, these approaches leave a critical gap: intermediate aggregators cannot verify that the ciphertexts they receive originate from legitimate sensors, opening the door to data tampering, replay attacks, or injection of forged ciphertexts.

RSAED fills this gap by coupling homomorphic encryption with lightweight authentication. Each sensor encrypts its measurement using an additive homomorphic scheme and then computes a Message Authentication Code (MAC) over the resulting ciphertext. The MAC is generated with a symmetric key that is pre‑distributed within a cluster or obtained via a lightweight public‑key key exchange. The ciphertext‑MAC pair is sent toward the base station. At every aggregation hop, the node first validates all incoming MACs; only those that pass verification are included in the homomorphic sum. After aggregation, the node attaches a fresh MAC to the aggregated ciphertext before forwarding it upward. This “authenticated aggregation” ensures that any tampered or forged ciphertext is discarded early, preventing its propagation through the network.
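The per-hop procedure described above, sketched as an added example that is not code from the paper. It assumes textbook Paillier (toy parameters) as the additive homomorphic scheme and HMAC-SHA256 truncated to 8 bytes as the MAC; the function names and the cluster key handling are hypothetical.

```python
import hashlib, hmac, math, secrets

# Toy Paillier modulus from two Mersenne primes (constructed; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(P-1, Q-1)
MU = pow(LAM, -1, N)      # valid shortcut because the generator is g = N + 1
MAC_LEN = 8               # assumption: upper end of the 4-8 byte MAC in the summary
CT_LEN = (N2.bit_length() + 7) // 8   # fixed-width ciphertext encoding for the MAC

def encrypt(m):
    """Paillier with g = N + 1: c = (1 + m*N) * r^N mod N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Base-station side: m = L(c^lambda mod N^2) * mu mod N, L(u) = (u-1)/N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def tag(key, c):
    """MAC computed over the ciphertext, never over the plaintext reading."""
    data = c.to_bytes(CT_LEN, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def sensor_report(key, reading):
    """Sensor side: encrypt the measurement, then authenticate the ciphertext."""
    c = encrypt(reading)
    return c, tag(key, c)

def aggregate(key, reports):
    """Aggregator hop: verify every MAC, sum only valid ciphertexts, re-MAC."""
    acc, dropped = 1, 0                  # 1 is a valid encryption of 0
    for c, t in reports:
        # Range check first so malformed values never reach to_bytes().
        if 0 < c < N2 and hmac.compare_digest(t, tag(key, c)):
            acc = acc * c % N2           # ciphertext product = plaintext sum
        else:
            dropped += 1                 # forged or tampered: discard at this hop
    return (acc, tag(key, acc)), dropped
```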

Key design elements include:

  1. Key Management: RSAED adopts a cluster‑based key pool. A cluster head distributes a common authentication key to all member sensors, reducing the number of keys each node must store and simplifying re‑keying operations. Periodic key rollover is supported to mitigate the impact of key compromise.
  2. Efficiency: MAC generation and verification are computationally inexpensive (a few microseconds on typical Mica2/MicaZ motes). The additional communication overhead is limited to a short MAC (4–8 bytes), which is negligible compared to the size of the ciphertexts. Consequently, RSAED imposes minimal extra energy consumption.
  3. Security Guarantees: Confidentiality is retained by the underlying homomorphic encryption, whose security relies on the hardness of the composite‑residue class problem. Integrity and authenticity are provided by the MACs, which are provably unforgeable under standard assumptions. The base station performs a final verification by reconstructing the aggregation tree and checking the MACs of all constituent nodes, achieving a detection rate of 99.8 % in the authors’ experiments.
  4. Implementation and Evaluation: The authors implemented RSAED on TinyOS running on Mica2 and MicaZ platforms. Compared with a baseline homomorphic aggregation scheme without authentication, RSAED reduced overall network traffic by roughly 30 % (because malformed packets are dropped early) and increased per‑node computation time by less than 20 %. Energy consumption followed the same trend, confirming the protocol’s suitability for resource‑constrained WSNs.

The paper also discusses extensions such as supporting other aggregation functions (e.g., average, max) and integrating resistance to side‑channel attacks. In conclusion, RSAED delivers a practical, balanced solution that simultaneously ensures end‑to‑end confidentiality, per‑hop integrity verification, and low overhead, making it a strong candidate for secure data aggregation in real‑world sensor deployments.