article

Privacy- and integrity-preserving range queries in sensor networks

Authors:

Alex X. LiuAuthors Info & Claims

IEEE/ACM Transactions on Networking (TON), Volume 20, Issue 6

Pages 1774 - 1787

https://doi.org/10.1109/TNET.2012.2188540

Published: 01 December 2012 Publication History

Abstract

The architecture of two-tiered sensor networks, where storage nodes serve as an intermediate tier between sensors and a sink for storing data and processing queries, has been widely adopted because of the benefits of power and storage saving for sensors as well as the efficiency of query processing. However, the importance of storage nodes also makes them attractive to attackers. In this paper, we propose SafeQ, a protocol that prevents attackers from gaining information from both sensor collected data and sink issued queries. SafeQ also allows a sink to detect compromised storage nodes when they misbehave. To preserve privacy, SafeQ uses a novel technique to encode both data and queries such that a storage node can correctly process encoded queries over encoded data without knowing their values. To preserve integrity, we propose two schemes--one using Merkle hash trees and another using a new data structure called neighborhood chains--to generate integrity verification information so that a sink can use this information to verify whether the result of a query contains exactly the data items that satisfy the query. To improve performance, we propose an optimization technique using Bloom filters to reduce the communication cost between sensors and storage nodes.

References

[1]

F. Chen and A. X. Liu, "SafeQ: Secure and efficient query processing in sensor networks," in Proc. IEEE INFOCOM, 2010, pp. 1-9.

[2]

S. Ratnasamy, B. Karp, S. Shenker, D. Estrin, R. Govindan, L. Yin, and F. Yu, "Data-centric storage in sensornets with GHT, a geographic hash table," Mobile Netw. Appl., vol. 8, no. 4, pp. 427-442, 2003.

[3]

P. Desnoyers, D. Ganesan, H. Li, and P. Shenoy, "Presto:A predictive storage architecture for sensor networks," in Proc. HotOS, 2005, p. 23.

[4]

D. Zeinalipour-Yazti, S. Lin, V. Kalogeraki, D. Gunopulos, and W. A. Najjar, "Microhash: An efficient index structure for flash-based sensor devices," in Proc. FAST, 2005, pp. 31-44.

[5]

B. Sheng, Q. Li, and W. Mao, "Data storage placement in sensor networks," in Proc. ACM MobiHoc, 2006, pp. 344-355.

[6]

B. Sheng, C. C. Tan, Q. Li, and W. Mao, "An approximation algorithm for data storage placement in sensor networks," in Proc. WASA, 2007, pp. 71-78.

[7]

B. Sheng and Q. Li, "Verifiable privacy-preserving range query in twotiered sensor networks," in Proc. IEEE INFOCOM, 2008, pp. 46-50.

[8]

Xbow, "Stargate gateway (spb400)," 2011 {Online}. Available: http://www.xbow.com

[9]

W. A. Najjar, A. Banerjee, and A. Mitra, "RISE:More powerful, energy efficient, gigabyte scale storage high performance sensors," 2005 {Online}. Available: http://www.cs.ucr.edu/~rise

[10]

S. Madden, "Intel lab data," 2004 {Online}. Available: http://berkeley. intel-research.net/labdata

[11]

J. Shi, R. Zhang, and Y. Zhang, "Secure range queries in tiered sensor networks," in Proc. IEEE INFOCOM, 2009, pp. 945-953.

[12]

R. Zhang, J. Shi, and Y. Zhang, "Secure multidimensional range queries in sensor networks," in Proc. ACM MobiHoc, 2009, pp. 197-206.

[13]

H. Hacigümüs, B. Iyer, C. Li, and S. Mehrotra, "Executing SQL over encrypted data in the database-service-provider model," in Proc. ACM SIGMOD, 2002, pp. 216-227.

[14]

B. Hore, S. Mehrotra, and G. Tsudik, "A privacy-preserving index for range queries," in Proc. VLDB, 2004, pp. 720-731.

[15]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, "Order preserving encryption for numeric data," in Proc. ACM SIGMOD, 2004, pp. 563-574.

[16]

D. X. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data," in Proc. IEEE S&P, 2000, pp. 44-55.

[17]

P. Golle, J. Staddon, and B. Waters, "Secure conjunctive keyword search over encrypted data," in Proc. ACNS, 2004, pp. 31-45.

[18]

D. Boneh and B. Waters, "Conjunctive, subset, and range queries on encrypted data," in Proc. TCC, 2007, pp. 535-554.

[19]

P. Devanbu, M. Gertz, C. Martel, and S. G. Stubblebine, "Authentic data publication over the internet," J. Comput. Security, vol. 11, no. 3, pp. 291-314, 2003.

[20]

H. Pang and K.-L. Tan, "Authenticating query results in edge computing," in Proc. ICDE, 2004, p. 560.

[21]

H. Pang, A. Jain, K. Ramamritham, and K.-L. Tan, "Verifying completeness of relational query results in data publishing," in Proc. ACM SIGMOD, 2005, pp. 407-418.

[22]

M. Narasimha and G. Tsudik, "Authentication of outsourced databases using signature aggregation and chaining," in Proc. DASFAA, 2006, pp. 420-436.

[23]

W. Cheng, H. Pang, and K.-L. Tan, "Authenticating multi-dimensional query results in data publishing," in Proc. DBSec, 2006, pp. 60-73.

[24]

H. Chen, X. Man, W. Hsu, N. Li, and Q. Wang, "Access control friendly query verification for outsourced data publishing," in Proc. ESORICS, 2008, pp. 177-191.

[25]

R. Merkle, "Protocols for public key cryptosystems," in Proc. IEEE S&P, 1980, pp. 122-134.

[26]

E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh, "Sirius: Securing remote untrusted storage," in Proc. NDSS, 2003, pp. 131-145.

[27]

M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, "Plutus: Scalable secure file sharing on untrusted storage," in Proc. FAST, 2003, pp. 29-42.

[28]

J. Cheng, H. Yang, S. H.Wong, and S. Lu, "Design and implementation of cross-domain cooperative firewall," in Proc. IEEE ICNP, 2007, pp. 284-293.

[29]

A. X. Liu and F. Chen, "Collaborative enforcement of firewall policies in virtual private networks," in Proc. ACM PODC, 2008, pp. 95-104.

[30]

P. Gupta and N. McKeown, "Algorithms for packet classification," IEEE Netw., vol. 15, no. 2, pp. 24-32, Mar.-Apr. 2001.

[31]

Y.-K. Chang, "Fast binary and multiway prefix searches for packet forwarding," Comput. Netw., vol. 51, no. 3, pp. 588-605, 2007.

[32]

H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-hashing for message authentication," RFC 2104, 1997.

[33]

R. Rivest, "The md5 message-digest algorithm," RFC 1321, 1992.

[34]

D. Eastlake and P. Jones, "Us secure hash algorithm 1 (sha1)," RFC 3174, 2001.

[35]

B. Bloom, "Space/time trade-offs in hash coding with allowable errors," Commun. ACM vol. 13, no. 7, pp. 422-426, 1970.

[36]

P. Levis, "Simulating TinyOS networks," 2003 {Online}. Available: http://www.cs.berkeley.edu/~pal/research/tossim.html

Cited By

Chen QWu LJiang C(2022)ES-PPDA: an efficient and secure privacy-protected data aggregation scheme in the IoT with an edge-based XaaS architectureJournal of Cloud Computing: Advances, Systems and Applications10.1186/s13677-022-00295-511:1Online publication date: 26-Jul-2022
https://dl.acm.org/doi/10.1186/s13677-022-00295-5
Li YLiu WZhu YChen HCheng HChen THu PHuan R(2022)Privacy-Aware Fuzzy Range Query Processing Over Distributed Edge DevicesIEEE Transactions on Fuzzy Systems10.1109/TFUZZ.2021.305995230:5(1421-1435)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.1109/TFUZZ.2021.3059952
Buccafurri FDe Angelis VLax G(2022)An integrity-preserving technique for range queries over data streams in two-tier sensor networksComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2022.109316217:COnline publication date: 9-Nov-2022
https://dl.acm.org/doi/10.1016/j.comnet.2022.109316
Show More Cited By

Index Terms

Privacy- and integrity-preserving range queries in sensor networks

Recommendations

Secure multidimensional range queries in sensor networks
MobiHoc '09: Proceedings of the tenth ACM international symposium on Mobile ad hoc networking and computing

Most future large-scale sensor networks are expected to follow a two-tier architecture which consists of resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier. Sensor nodes submit data to nearby master nodes which ...
An efficient integrity-preserving scheme for hierarchical sensor aggregation
WiSec '08: Proceedings of the first ACM conference on Wireless network security

Sensor networks have proven to be useful in many application domains. Having the sensor nodes aggregate their results inside the network before sending the results to a base station has been shown to increase the lifetime of the network. However, sensor ...
Verifiable Privacy-Preserving Sensor Network Storage for Range Query

We consider a hybrid two-tiered sensor network consisting of regular sensors and special sensors with large storage capacity, called storage nodes. In this structure, regular sensors "push” their raw data to nearby storage nodes and the sink diffuses ...

Comments

Information & Contributors

Information

Published In

cover image IEEE/ACM Transactions on Networking

IEEE/ACM Transactions on Networking Volume 20, Issue 6

December 2012

336 pages

ISSN:1063-6692

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 December 2012

Accepted: 17 January 2012

Revised: 25 May 2011

Received: 08 July 2010

Published in TON Volume 20, Issue 6

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
209
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Chen QWu LJiang C(2022)ES-PPDA: an efficient and secure privacy-protected data aggregation scheme in the IoT with an edge-based XaaS architectureJournal of Cloud Computing: Advances, Systems and Applications10.1186/s13677-022-00295-511:1Online publication date: 26-Jul-2022
https://dl.acm.org/doi/10.1186/s13677-022-00295-5
Li YLiu WZhu YChen HCheng HChen THu PHuan R(2022)Privacy-Aware Fuzzy Range Query Processing Over Distributed Edge DevicesIEEE Transactions on Fuzzy Systems10.1109/TFUZZ.2021.305995230:5(1421-1435)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.1109/TFUZZ.2021.3059952
Buccafurri FDe Angelis VLax G(2022)An integrity-preserving technique for range queries over data streams in two-tier sensor networksComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2022.109316217:COnline publication date: 9-Nov-2022
https://dl.acm.org/doi/10.1016/j.comnet.2022.109316
Zeng JDong LWu YChen HLi CWang S(2017)Privacy-Preserving and Multi-Dimensional Range Query in Two-Tiered Wireless Sensor NetworksGLOBECOM 2017 - 2017 IEEE Global Communications Conference10.1109/GLOCOM.2017.8254968(1-7)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1109/GLOCOM.2017.8254968
Chen CWu HWang LYu C(2017)Practical integrity preservation for data streaming in cloud-assisted healthcare sensor systemsComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2017.05.032129:P2(472-480)Online publication date: 24-Dec-2017
https://dl.acm.org/doi/10.1016/j.comnet.2017.05.032
Gebizlioglu OJain V(2015)Energy-efficient optical networks [Series Editorial]IEEE Communications Magazine10.1109/MCOM.2015.718051853:8(122-123)Online publication date: 1-Aug-2015
https://dl.acm.org/doi/10.1109/MCOM.2015.7180518
Chia-Mu Yu Chi-Yuan Chen Han-Chieh Chao (2015)Verifiable, privacy-assured, and accurate signal collection for cloud-assisted wireless sensor networksIEEE Communications Magazine10.1109/MCOM.2015.718050753:8(48-53)Online publication date: 1-Aug-2015
https://dl.acm.org/doi/10.1109/MCOM.2015.7180507

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents