The security properties of in-network aggregation

Abstract

In-network aggregation is an important paradigm for current and future networked systems, enabling efficient cooperate processing of aggregate information, while providing sub-linear scalability properties. However, security of this important class of algorithms has to date not been sufficiently addressed. In this dissertation, we focus on the integrity properties of in-network aggregation algorithms, with emphasis on the sub-goals of correctness and completeness. We propose an efficient solution that provides strong correctness guarantees by ensuring individual node integrity a priori by applying the principles of trusted systems. To this end, we propose dedicated trusted sensor and aggregator modules. Trusted modules, in conjunction with cryptographic authentication and transport protocols, are applied to construct trusted aggregation overlays, giving strong guarantees in terms of correctness. We support our findings by a proof-of-concept prototype in a single aggregator model, as well as a design for a hierarchical in-network aggregation system. Completeness is a more elusive goal than correctness, if only for the fact that drops and message corruptions are a fact of life in distributed systems. Hence, it may not be possible to distinguish between benign and malicious losses. Building on the trusted systems solution for correctness, we propose a protocol that decreases the adversarial influence in a tree-based aggregation network. We exploit the fact that a secure protocol can be executed over a trusted overlay, enabling per-edge fault detection and dissemination of edge ratings. Simulation-based trials suggest that the presented protocol achieves significant reduction in the potential impact an adversary can have on the completeness of aggregate results.