
Data Consistency in Sensor Networks: Secure Agreement

Fatemeh Borran

Supervised by: Panos Papadimitratos, Marcin Poturalski
Prof. Jean-Pierre Hubaux

IC-29 Self-Organised Wireless and Sensor Networks


Outline

• Introduction

• Problem Statement

• Assumptions

• System Model

• Algorithms

• Results

• Conclusion

March 6, 2007

Introduction

• Classical Sensor Networks
  – centralized and reliable base station
  – one-to-many association

• Distributed Sensor Networks
  – decentralized architecture
  – every node could be faulty or malicious
  – many-to-many association

Problem Statement

• Environment produces single actual value α

• Each sensor node measures the noisy environment

• Measurement error is bounded by ε

• Not all sensor nodes behave correctly
  – incorrect measurement or malicious behavior

Problem: value of single sensor node is not reliable

Goal: ensure data consistency among sensor nodes

Approach: agreement on actual value α


Fault Model

Correct Sensor (|C| ≥ n-k-t):
• behaves according to the protocol specification
• measurement error is bounded by ε

Faulty Sensor (|F| ≤ k):
• measurement error is not bounded
• follows the assigned protocol

Byzantine Sensor (|B| ≤ t):
• under control of a unique adversary
• behaves arbitrarily (crash failure, omission failure, …)

System Model

System
• Synchronous: transmission delay and process speed are bounded and known
• Asynchronous: slow process is not detectable

Authentication
• Unique identity and signature
• A modified message is detectable

Communication Channels
• Integrity: every received message was previously sent
• No-duplication: each message is received at most once
• Reliability: messages sent by a correct node are received by all nodes and are not modified.

Secure Agreement Problem

Properties:
• Validity: if si decides v, then |v-vi| ≤ ε and vi is the initial value of some non-Byzantine node
• Strong Validity: if si decides v, then |v-α| ≤ ε
• Agreement: if si decides vi and sj decides vj, then |vi-vj| ≤ Φ
• Termination: every non-Byzantine node eventually decides

Primitives:
• broadcast(vi)
• decide(v)

Algorithm I: Synchronous One-hop

    Vp := <p,xp>
    r := 1
    while r < t+1 do
        broadcast(Vp) to all nodes
        Vp := Vp ∪ {Vq | Vq is received from q}
        r := r + 1
    end while
    T := all duplicated values in Vp
    Vp := Vp - T
    decide(f(Vp))

f: trimming and averaging function
    Wp := reduce(Vp, k+t-|T|/2)
    f(Vp) := mean(Wp)

r ≤ 1


Theorem I

Theorem I: Algorithm I solves secure agreement for one-hop synchronous sensor networks with authenticated messages.

Lemma I: After t+1 rounds, all nodes have the same set.

Lemma II: All nodes apply the same deterministic function: f.

Communication complexity: O((t+1)n²)

[Figure: two message-exchange diagrams among nodes S, P and Q, each showing Round 1 and Round 2. In the first, only <S, x> circulates; in the second, labelled "S is Byzantine", both <S, x> and <S, y> circulate.]
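The two-round exchange in the Theorem I figure can be simulated directly. The Python sketch below is an added example, not code from the presentation; it runs the t+1 rounds of Lemma I. It assumes that reduce(V, m) drops the m smallest and m largest values, that each equivocating sender contributes two entries to T, and that Byzantine nodes speak only in round 1; node names and readings are constructed.

```python
def run_algorithm_i(values, byz_round1, t, k, rounds=None):
    """values: {node: x} for non-Byzantine nodes (correct and faulty).
    byz_round1: {byz: {recipient: value}}, what each Byzantine sender hands
    to each recipient in round 1. Returns {node: (decision, equivocators)}."""
    # A (sender, value) tuple stands in for a signed message: relays can
    # forward it but cannot alter it or forge one for another sender.
    V = {p: {(p, x)} for p, x in values.items()}
    for r in range(1, (rounds or t + 1) + 1):       # t+1 rounds (Lemma I)
        sent = {p: set(s) for p, s in V.items()}    # snapshot of this round
        for p in V:
            for s in sent.values():
                V[p] |= s                           # reliable broadcast
            if r == 1:
                for b, per_recipient in byz_round1.items():
                    if p in per_recipient:
                        V[p].add((b, per_recipient[p]))
    out = {}
    for p, pairs in V.items():
        by_sender = {}
        for q, x in pairs:
            by_sender.setdefault(q, set()).add(x)
        # Senders seen with more than one signed value have equivocated.
        dup = {q for q, xs in by_sender.items() if len(xs) > 1}
        kept = sorted(x for q, x in pairs if q not in dup)   # V_p - T
        m = k + t - len(dup)    # k+t-|T|/2, assuming two values per equivocator
        w = kept[m:len(kept) - m]                            # reduce(...)
        out[p] = (sum(w) / len(w), sorted(dup))
    return out

# Constructed sample: n = 5, t = 1, k = 1, alpha = 20.0, eps = 0.5.
HONEST_I = {"P": 19.9, "Q": 20.0, "R": 20.2, "F": 35.0}   # F is faulty
BYZ_I = {"S": {"P": -100.0, "F": -100.0, "Q": 100.0, "R": 100.0}}

def demo_algorithm_i(rounds=None):
    return run_algorithm_i(HONEST_I, BYZ_I, t=1, k=1, rounds=rounds)

if __name__ == "__main__":
    print(demo_algorithm_i(1))   # one round: equivocation not yet visible
    print(demo_algorithm_i())    # t+1 = 2 rounds: S exposed, same decision
```

With one round, P and F decide 20.0 while Q and R decide 20.2, and nobody detects S. After the second round every node holds both signed values from S, discards them, and decides the same mean.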


Algorithm II: Synchronous One-hop

    r := 1
    while true do
        broadcast(xp) to all nodes
        Vp := ∪{<q,xq> | xq is received from q}
        Wp := reduce(Vp, t+k)
        xp := median(Wp)
        if (δ(Wp) < Φ) then
            decide(xp)
        end if
        r := r + 1
    end while

Φ = ε => one round is required
Φ < ε => two rounds are required

δ(Wp) := max(Wp) - min(Wp)
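Algorithm II's round structure, as an added Python example (not code from the presentation) on a constructed network with one faulty and one Byzantine node. It assumes reduce(V, m) drops the m smallest and m largest values, which the slides do not define; node names, readings and the Byzantine node's per-recipient values are constructed.

```python
from statistics import median

def reduce_(values, m):
    # Assumed meaning of reduce(V, m): drop the m smallest and m largest values.
    s = sorted(values)
    if len(s) <= 2 * m:
        raise ValueError("need more than 2m values, i.e. n > 2t+2k")
    return s[m:len(s) - m]

def spread(w):
    # delta(W) := max(W) - min(W)
    return max(w) - min(w)

def run_algorithm_ii(x, byz, t, k, phi, max_rounds=10):
    """x: {node: value} for correct and faulty nodes (both follow the protocol).
    byz: {node: f(round, recipient) -> value}; a Byzantine sender may give
    every recipient a different value. Returns {node: (decision, round)}."""
    x, decided = dict(x), {}
    for r in range(1, max_rounds + 1):
        nxt = {}
        for p in x:
            v = [x[q] for q in x] + [f(r, p) for f in byz.values()]  # V_p
            w = reduce_(v, t + k)                                    # W_p
            nxt[p] = median(w)                                       # new x_p
            if p not in decided and spread(w) < phi:
                decided[p] = (nxt[p], r)
        x = nxt                      # nodes keep broadcasting after deciding
        if len(decided) == len(x):
            break
    return decided

# Constructed sample: alpha = 20.0, eps = 0.5, n = 7, t = 1, k = 1.
ALPHA, EPS = 20.0, 0.5
HONEST = {"c1": 19.8, "c2": 19.9, "c3": 20.0, "c4": 20.1, "c5": 20.3,
          "f1": 35.0}                      # f1 is faulty: unbounded error
LOW = {"c1", "c2", "c3"}                   # recipients that get the low value
BYZ = {"b1": lambda r, p: -100.0 if p in LOW else 100.0}

def demo(phi):
    return run_algorithm_ii(HONEST, BYZ, t=1, k=1, phi=phi)

if __name__ == "__main__":
    for phi in (0.5, 0.15):
        print(phi, demo(phi))
```

In this sample, demo(0.5) has every node deciding in round 1 and demo(0.15) in round 2. The faulty node f1 already holds an in-range value after the first round, in line with Lemma II of Theorem II.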


Theorem II

Theorem II: Algorithm II solves secure agreement for one-hop synchronous sensor networks with authenticated messages.

Lemma I: Wp contains only the values from correct nodes.

Lemma II: Every faulty node corrects its value after first round.

Communication complexity: O(n)

Question: Is it possible to achieve O(c) complexity?

Algorithm III: Synchronous One-hop

    r := 1
    S := arbitrary set of 2t+2k+1 nodes
    while true do
        if p in S then
            broadcast(xp) to all nodes
        end if
        … // same as Algorithm II
        r := r + 1
    end while

Communication complexity: O(2t+2k+1)


Modified Algorithm II: Asynchronous One-hop

    r := 1
    while true do
        broadcast(xp) to all nodes
        Vp := ∪{<q,xq> | xq is received from q}
        if (|Vp| ≥ n-t) then
            Wp := reduce(Vp, t+k)
            xp := median(Wp)
            if (δ(Wp) < Φ) then
                decide(xp)
            end if
        end if
        r := r + 1
    end while

|V|: cardinality of V
Φ = ε => one round is required in best case
Φ < ε => t rounds are required in best case

Multi-hop Communication

Connectivity: there is a path between each pair of non-Byzantine nodes in the network.

t-connectivity: there are no t nodes whose removal disconnects the network

[Figure: example topologies labelled "unconnected network" and "connected network". Legend: correct node, faulty node, Byzantine node, communication range.]

Modified Algorithm I: Synchronous Multi-hop

    Vp := <p,xp>
    r := 1
    while r < t+d+1 do
        broadcast(Vp) to all nodes
        Vp := Vp ∪ {Vq | Vq is received from q}
        r := r + 1
    end while
    T := all duplicated values in Vp
    Vp := Vp - T
    decide(f(Vp))

f: trimming and averaging function
    Wp := reduce(Vp, k+t-|T|/2)
    f(Vp) := mean(Wp)

d: network diameter

r < d+1


Theorem III

Theorem III: Algorithm I solves secure agreement for multi-hop synchronous sensor networks with authenticated messages.

Lemma I: After t+d+1 rounds, all nodes have the same set.

Lemma II: All nodes apply the same deterministic function: f.

Lemma III: t-connectivity ensures agreement and termination.

Communication complexity: O((t+d+1)n²)

Algorithm IV: Asynchronous Multi-hop

    Vp := <p,xp>
    r := 1
    while true do
        broadcast(Vp) to all nodes
        Vp := Vp ∪ {Vq | Vq is received from q}
        if (|Vp| > 2(t+k)) then
            Wp := reduce(Vp, t+k)
            xp := median(Wp)
            if (δ(Wp) < Φ) then
                decide(xp)
            end if
        end if
        Vp := <p,xp>
        r := r + 1
    end while

Φ = ε => one round is required in best case
Φ < ε => n-2t-2k rounds are required in best case

Theorem IV

Theorem IV: Algorithm IV solves secure agreement for multi-hop asynchronous sensor networks with authenticated messages.

Lemma I: Within 2(t+k)+1 values, t+k+1 values are correct.

Lemma II: All nodes apply the same deterministic function: f.

Lemma III: t-connectivity ensures termination.

Communication complexity: O(2(t+k)n)


Results: One-hop

Algorithm       System         Assumption    Communication complexity
Algorithm I     Synchronous    n > 2t+2k     O(n²)
Algorithm II    Synchronous    n > 2t+2k     O(n)
Algorithm III   Synchronous    n > 2t+2k     O(2(t+k))
Algorithm II’   Asynchronous   n > 3t+2k     O(n) *

Table I: Secure Agreement with Strong Validity
* best case results

Results: One-hop

Algorithm       System         Assumption    Communication complexity
Algorithm I     Synchronous    n > 2t        O(tn²)
Algorithm II    Synchronous    n > 2t        O(tn)
Algorithm III   Synchronous    n > 2t        O(2t(t+k))
Algorithm II’   Asynchronous   n > 3t        O(tn) *

Table II: Secure Agreement with Validity
* best case results

Results: Multi-hop

Algorithm       System         Assumption    Communication complexity
Algorithm I’    Synchronous    n > 2t+2k     O(dn²)
Algorithm IV    Asynchronous   n > 2t+2k     O(2(t+k)n) *

Table III: Secure Agreement with Strong Validity
* best case results

Results: Multi-hop

Algorithm       System         Assumption    Communication complexity
Algorithm I’    Synchronous    n > 2t        O((t+d+1)n²)
Algorithm IV    Asynchronous   n > 2t        O(2(t+k)(n-2t-2k)n) *

Table IV: Secure Agreement with Validity
* best case results

Conclusion

• Distributed sensor networks vs. classical sensor networks:
  – save communication bandwidth
  – provide redundancy
  – eliminate single point of failure
  – use broadcast instead of unicast
  – inform the end user quickly and easily

• Data consistency as an agreement problem.

• New variant of the agreement problem: secure agreement.

• Φ can be chosen arbitrarily small to get as close to consensus as desired.

• t-connectivity is not required to hold in every round.

Future works

• Strong validity requires n > 2(t+k). Impossibility results with n ≤ 2(t+k)?

• Asynchronous algorithm with constant communication complexity?

• Analyse communication complexity of worst case in asynchronous algorithms?

• Simulation results