SafeQ: Secure and Efficient Query Processing in Sensor Networks

The architecture of two-tiered sensor networks, where storage nodes serve as an intermediate tier between sensors and a sink for storing data and processing queries, has been widely adopted because of the benefits of power and storage saving for sensors as well as the efficiency of query processing. However, the importance of storage nodes also makes them attractive to attackers. In this paper, we propose SafeQ, a protocol that prevents attackers from gaining information from both sensor collected data and sink issued queries. SafeQ also allows a sink to detect compromised storage nodes when they misbehave. To preserve privacy, SafeQ uses a novel technique to encode both data and queries such that a storage node can correctly process encoded queries over encoded data without knowing their values. To preserve integrity, we propose a new data structure called neighborhood chains that allows a sink to verify whether the result of a query contains exactly the data items that satisfy the query. In addition, we propose a solution to adapt SafeQ for event-driven sensor networks.

[1]  Michael Gertz,et al.  Authentic Data Publication Over the Internet , 2003, J. Comput. Secur..

[2]  Bo Sheng,et al.  Data storage placement in sensor networks , 2006, MobiHoc '06.

[3]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[4]  Alex X. Liu,et al.  This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination. IEEE/ACM TRANSACTIONS ON NETWORKING 1 Privacy- and Integrity-Preserving Range Queries in Sensor Networks , 2022 .

[5]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[6]  Rui Zhang,et al.  Secure multidimensional range queries in sensor networks , 2009, MobiHoc '09.

[7]  Rui Zhang,et al.  Secure Range Queries in Tiered Sensor Networks , 2009, IEEE INFOCOM 2009.

[8]  Alex X. Liu,et al.  Collaborative enforcement of firewall policies in virtual private networks , 2008, PODC '08.

[9]  Hong Chen,et al.  Access Control Friendly Query Verification for Outsourced Data Publishing , 2008, ESORICS.

[10]  Kian-Lee Tan,et al.  Authenticating Multi-dimensional Query Results in Data Publishing , 2006, DBSec.

[11]  Deborah Estrin,et al.  Data-Centric Storage in Sensornets with GHT, a Geographic Hash Table , 2003, Mob. Networks Appl..

[12]  Songwu Lu,et al.  Design and Implementation of Cross-Domain Cooperative Firewall , 2007, 2007 IEEE International Conference on Network Protocols.

[13]  Dimitrios Gunopulos,et al.  Microhash: an efficient index structure for fash-based sensor devices , 2005, FAST'05.

[14]  Nick McKeown,et al.  Algorithms for packet classification , 2001, IEEE Netw..

[15]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[16]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[17]  Bo Sheng,et al.  An Approximation Algorithm for Data Storage Placement in Sensor Networks , 2007, International Conference on Wireless Algorithms, Systems and Applications (WASA 2007).

[18]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[19]  Gene Tsudik,et al.  Authentication of Outsourced Databases Using Signature Aggregation and Chaining , 2006, DASFAA.

[20]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[21]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[22]  Kian-Lee Tan,et al.  Authenticating query results in edge computing , 2004, Proceedings. 20th International Conference on Data Engineering.

[23]  Bo Sheng,et al.  Verifiable Privacy-Preserving Range Query in Two-Tiered Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[24]  Kian-Lee Tan,et al.  Verifying completeness of relational query results in data publishing , 2005, SIGMOD '05.

[25]  Peter Desnoyers,et al.  PRESTO: A Predictive Storage Architecture for Sensor Networks , 2005, HotOS.

[26]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[27]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[28]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[29]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[30]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[31]  Brent Waters,et al.  Secure Conjunctive Keyword Search over Encrypted Data , 2004, ACNS.

[32]  Yeim-Kuan Chang,et al.  Fast binary and multiway prefix searches for packet forwarding , 2007, Comput. Networks.