Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 ...
Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 ...
Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 ...
Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 ...
Upcoming SlideShare
Loading in …5



Published on

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1108-11111108 | P a g ePreservation Of Privacy And Integrity In WSN With SafegProtocolDr. V. Palanisamy, D. GandhimathiProfessor and Head,, Dept. of CSE, Alagappa University, Karaikudi, Tamilnadu,India.AbstractIn two-tiered wireless sensor networks,storage nodes play an intermediary role betweenthe sensors and the sink node. These storagenodes store data and processes queries. Thistechnique preserves power and the memory forsensor nodes, as everything is managed bystorage nodes including query processing. Thisimportance of storage nodes grabs attackers tointrude storage node in order to affect itsintegrity and privacy. Thus, there is a need toprotect storage node and we propose a newprotocol named ‘SafeG’. If storage node isprotected then, the attacker cannot infer aboutthe data present and also the queries passed bysinks. SafeG provides both privacy and integrity.SafeG encodes both the data and query and sothe encoded query acts upon encoded data. SafeGrelies on authentication chain to provideintegrity.Index Terms- Integrity, Privacy, Authentication.I. INTRODUCTIONA wireless sensor network consists ofseveral resource restricted nodes to performmonitoring tasks. Usually, it focuses in trackingmobile objects traversing in different geographicallocations. The information collected by 4each sensoris then clubbed together and gets place in storagenode.If the adversary gets access to this storagenode, all the information that are needed to be keptsecret will be revealed. Using this sensitiveinformation, the adversary can involve inmalpractice or in otherwise he can misuse thisinvaluable information. As WSN is employed topredict earthquake, environmental sensing, it isessential to provide enough security.This paper concentrates in providingintegrity and privacy by using the protocol namedSafeG. We use storage nodes here, because of thebelow mentioned benefits.Firstly, sensors save power by sending allcollected data to their closest storage node instead ofsending them to the sink through long routes.Secondly, sensors can be memory-limited becausedata are mainly stored on storage nodes. Finally,query processing becomes more efficient becausethe sink only communicates with storage nodes forqueries.The inclusion of storage nodes also bringssignificant security challenges. As storage nodesstore data received from sensors and serve as animportant role for answering queries, they are morevulnerable to be compromised, especially in a hostileenvironment.A compromised storage node imposessignificant threats to a sensor network. First, theattacker may obtain sensitive data that has been, orwill be, stored in the storage node. Second, thecompromised storage node may return forged datafor a query.Third, this storage node may not include alldata items that satisfy the query. Therefore, to designa protocol that prevents attackers from gaininginformation from both sensor collected data and sinkissued queries, which typically can be modeled asrange queries, and allows the sink to detectcompromised storage nodes when they misbehave.For privacy, compromising a storage node shouldnot allow the attacker to obtain the sensitiveinformation that has been, and will be, stored in thenode, as well as the queries that the storage node hasreceived, and will receive.Fig 1: ArchitectureNote the queries from the sink asconfidential because such queries may leak criticalinformation about query issuers’ interests, whichneed to be protected especially in militaryapplications. For integrity, the sink needs to detectwhether a query result from a storage node includesforged data items or does not include all the data thatsatisfy the query.There are two key challenges in solving theprivacy and integrity- preserving range queryproblem. First, a storage node needs to correctlyprocess encoded queries over encoded data withoutknowing their actual values. Second, a sink needs toverify that the result of a query contains all the dataitems that satisfy the query and does not contain anyforged data.In this work, SafeG, a novel privacy- andintegrity-preserving range query Proto-filter for two-
  2. 2. Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1108-11111109 | P a g etiered sensor networks. To preserve privacy, SafeGuses a novel technique to encode both data andqueries such that a storage node can correctlyprocess encoded queries over encoded data withoutknowing their actual values.In order to provide integrity, we present ascheme that complements existing key distributionschemes for WSNs and protects the communicationwithin a WSN against an attacker who tries tomanipulate messages in the network.This scheme relies on symmetriccryptography by taking the restrictions of sensornodes into account. It abstains from using public keycryptography or a complete infrastructure ofmutually shared symmetric keys and does notrequire a base station. Nevertheless it allows forreliable communication among any pair of nodes.This scheme is known as canwas. The mainobjective of this work is to develop a secure andefficient query processing and to achieve data, queryprivacy and integrity.II. RELATED WORKPrivacy and integrity-preserving rangequeries in WSNs have drawn people’s attentionrecently [1], [2], [3]. Sheng and Li proposed ascheme to preserve the privacy and integrity of rangequeries in sensor networks [1].This scheme uses the bucket-partitioningidea proposed by Hacigumus et al. in [4] fordatabase privacy. The basic idea is to divide thedomain of data values into multiple buckets, the sizeof which is computed based on the distribution ofdata values and the location of sensors. In each time-slot, a sensor collects data items from theenvironment, places them into buckets, encryptsthem together in each bucket, and then sends eachencrypted bucket along with its bucket ID to anearby storage node.For each bucket that has no data items, thesensor sends an encoding number, which can beused by the sink to verify that the bucket is empty, toa nearby storage node. When the sink wants toperform a range query, it finds the smallest set ofbucket IDs that contains the range in the query, thensends the set as the query to storage nodes. Uponreceiving the bucket IDs, the storage node returnsthe corresponding encrypted data in all thosebuckets. The sink can then decrypt the encryptedbuckets and verify the integrity using encodingnumbers.The S&L scheme only considered one-dimensional data in [1], and it can be extended tohandle multidimensional data by dividing thedomain of each dimension into multiple buckets.The S&L scheme has two main drawbacks inheritedfrom the bucket-partitioning technique.First, as pointed out in [5], the bucket-partitioning technique allows compromised storagenodes to obtain a reasonable estimation on the actualvalue of both data items and queries. In SafeQ, suchestimations are very difficult.Second, for multidimensional data, thepower consumption of both sensors and storagenodes, as well as the space consumption of storagenodes, increases exponentially with the number ofdimensions due to the exponential increase of thenumber of buckets.In SafeG, power and space consumptionincreases linearly with the number of dimensionstimes the number of data items. Shi et al. proposedan optimized version of S&L’s integrity preservingscheme aiming to reduce the communication costbetween sensors and storage nodes [2], [3].The basic idea of their optimization is thateach sensor uses a bitmap to represent which bucketshave data and broadcasts its bitmap to the nearbysensors. Each sensor attaches the bit maps receivedfrom others to its own data items and encrypts themtogether. The sink verifies query result integrity for asensor by examining the bitmaps from its nearbysensors.In our experiments, we did not choose thesolutions in [2] and [3] for side-by-side comparisonfor two reasons. First, the techniques used in [2] and[3] are similar to the S&L scheme except theoptimization for integrity verification.The way they extend the S&L scheme tohandle multi dimensional data is to divide thedomain of each dimension into multiple buckets.They inherit the same weakness of allowingcompromised storage nodes to estimate the values ofdata items and queries with the S&L scheme.Second, their optimization technique allowsa compromised sensor to easily compromise theintegrity verification functionality of the network bysending falsified bit maps to sensors and storagenodes. In contrast, in S&Land our schemes acompromised sensor cannot jeopardize the queryingand verification of data collected by other sensors.III. PROPOSED WORKIn Sensor Module, Sensor nodes areresponsible to collect the data from environment Thecollected data are stored into the storage node.Sensor node has limited storage capacity.All the sensor nodes should have capabilityto collect and store the data at the same time.In Storage Node Module, Storage nodesare powerful wireless devices that are equipped withmuch more storage capacity and computing powerthan sensors. The storage node collects all data fromthe sensor nodes.The storage node allows only theAuthorized user to view the actual value of sensornode data. If any unauthorized user trying to viewthe sensor node data, sink detect misbehave ofstorage node and the unauthorized user can able toview the encoded data only.
  3. 3. Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1108-11111110 | P a g eIn SafeG Module, SafeG is a Proto-filterthat prevents attackers from gaining informationfrom both sensor collected data and sink issuedqueries. SafeG also allows a sink to detectcompromised storage nodes when they misbehave.To preserve privacy, SafeG uses a novel techniqueto encode both data and queries such that a storagenode can correctly process encoded queries overencoded data without knowing their values.The Canwas Scheme is used to preserveintegrity and it consists of three phases. The task ofthe first phase is key pre-distribution. It is carried outbefore the sensor network is deployed. At the end ofthis phase, an arbitrarily chosen pair of nodes is(with high probability) able to establish a secretshared key (a suitable approach is described in [11]).The second phase follows immediatelyafter deployment, when the distribu- tion of thesensor nodes has been fixed. (We do not considermobile nodes in this paper.) Each node establishes aseparate secret shared key with each of its immediate(1-hop) and indirect (2-hop) neighbours. We assumethat only such nodes can participate in this process,which also participated in the first phase.This prevents an attacker from joining thenetwork with his own nodes.After the second phase,there exists at least one path between any two nodesin the network (if the network is connected) with thecharacteristics shown in Fig 1.Apparently, an attacker can manipulatemessages on such a path if he controls two adjacentnodes. Single nodes under the attacker’s control arenot capable of disrupting the communication path.The third and last phase is the operational phase ofthe sensor network.Nodes exchange messages with remotepeers by “authenticating” them with their neighbourkeys along the transmission path. This will beexplained in detail below. Note that we assume asuitable routing scheme.IV. ConclusionThus, this work provides both privacy andintegrity by using SafeG protocol. The Canvasscheme achieves data integrity at very low cost forsensor node communication. It relies on symmetriccryptographic operations and a low number of keysthat have to be stored; it is therefore well-suited forresource- constrained sensor networks. We hope thatit has become clear that in a large distributed system,such as a WSN, end-to-end security is not alwaysnecessary, and data integrity can be achieved withless effort. SafeG encodes both the data and queryand so the encoded query acts upon encoded data.SafeG relies on authentication chain to provideintegrity.REFERENCES[1] F. Chen and A. X. Liu, “SafeQ: Secure andefficient query processing in sensornetworks,” in Proc. IEEE INFOCOM,2010, pp. 1–9.[2] S. Ratnasamy, B. Karp, S. Shenker, D.Estrin, R. Govindan, L. Yin, and F. Yu,“Data-centric storage in sensornets withGHT, a geographic hash table,” MobileNetw. Appl., vol. 8, no. 4, pp. 427–442,2003.[3] P. Desnoyers, D. Ganesan, H. Li, and P.Shenoy, “Presto: A predictivestoragearchitectureforsensornetworks,”inProc.HotOS,2005,p.23.[4] D. Zeinalipour-Yazti, S. Lin, V. Kalogeraki,D. Gunopulos, and W. A. Najjar,“Microhash: An efficient index structurefor flash-based sensor devices,” in Proc.FAST, 2005, pp. 31–44.[5] B. Sheng, Q. Li, and W. Mao, “Datastorage placement in sensor net- works,” inProc. ACM MobiHoc, 2006, pp. 344–355.[6] B.Sheng,C.C.Tan,Q.Li,andW.Mao,“Anapproximationalgorithm for data storageplacement in sensor networks,” in Proc.WASA, 2007, pp. 71–78.[7] B.ShengandQ.Li,“Verifiableprivacy-preservingrangequeryintwo- tiered sensornetworks,” in Proc. IEEE INFOCOM,2008, pp. 46–50.[8] Xbow, “Stargate gateway (spb400),” 2011[Online]. Available: http:// www.xbow.com[9] W. A. Najjar, A. Banerjee, and A. Mitra,“RISE: More powerful, en- ergy efficient,gigabyte scale storage high performancesensors,” 2005 [Online]. Available:http://www.cs.ucr.edu/~rise[10] S. Madden, “Intel lab data,” 2004[Online]. Available: http://berkeley. intel-research.net/labdata[11] J. Shi, R. Zhang, and Y. Zhang, “Securerange queries in tiered sensor networks,”in Proc. IEEE INFOCOM, 2009, pp. 945–953.[12] R. Zhang, J. Shi, and Y. Zhang, “Securemultidimensional range queries in sensornetworks,” in Proc. ACM MobiHoc, 2009,pp. 197–206.[13] H. Hacigümüş, B. Iyer, C. Li, and S.Mehrotra, “Executing SQL over encrypteddata in the database-service-providermodel,” in Proc. ACM SIGMOD, 2002, pp.216–227.[14] B. Hore, S. Mehrotra, and G. Tsudik, “Aprivacy-preserving index for rangequeries,” in Proc. VLDB, 2004, pp. 720–731.[15] R. Agrawal, J. Kiernan, R. Srikant, and Y.Xu, “Order preserving encryption fornumeric data,” in Proc. ACM SIGMOD,2004, pp. 563–574.
  4. 4. Dr. V. Palanisamy, D. Gandhimathi / International Journal of Engineering Research andApplications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1108-11111111 | P a g e[16] D. X. Song, D. Wagner, and A. Perrig,“Practical techniques for searches onencrypted data,” in Proc. IEEE S&P, 2000,pp. 44–55.[17] P. Golle, J. Staddon, and B. Waters,“Secure conjunctive keyword search overencrypted data,” in Proc. ACNS, 2004, pp.31–45.[18] D. Boneh and B. Waters, “Conjunctive,subset, and range queries on encrypteddata,” in Proc. TCC, 2007, pp. 535–554.