Energy-efficient privacy-preserving data aggregation protocols based on slicing

Wireless sensor networks (WSNs) have become one of the most vigorous techniques in the network domain. However, the sensor nodes of WSNs tend to become the target of attackers due to the broadcast communication mode and the unattended deployment nature. Although it can prevent the sensitive data from being compromised, Slice-Mix-AggRegaTe (SMART) needs to exchange messages frequently in a network, which put tremendous overhead on the sensor nodes with limited resources. Faced with these issues, this paper proposes an energy-efficient privacy-preserving data aggregation protocol based on slicing (EPPA) where a novel slicing mode is adopted to reduce the numbers of slices, which can significantly prevent the data from being compromised and decrease the communication overhead. Meanwhile, an enhanced scheme based on EPPA, called multi-function privacy-preserving data aggregation protocol (MPPA), is presented and it supports multiple functions in the process of data aggregation, such as max/min, count, and mean. The theoretical analysis and the simulation evaluation show that the proposed aggregation protocols demonstrate a better performance in the privacy preserving and the communication efficiency.

Nowadays, wireless sensor networks (WSNs), seen as a popular technique, are applied into various applications, such as environmental monitoring, smart home, Internet of Things, and military battlefields [1, 2]. Many new challenges have emerged with the development of artificial intelligence and big data [3–5]. WSNs are formed by a large number of resource-constrained sensor nodes. It is almost impractical and uneconomical for each node to send its sensing data directly to base station (BS) [6–8], because the energy of the node will be exhausted in the process of data transmission and the battery capacity of the sensor node cannot meet the requirement of network application. The energy issue has become a major concern in both industrial practice and academic world [9–11]. Data aggregation (DA) [12–15] technique which is one of the essential techniques in assuring the effectiveness of WSNs can effectively overcome the energy obstacle by fusing data and decreasing redundancy in many critical applications.

Most of the nodes of a WSN are deployed in an unattended physical environment and can perceive the data from the surrounding environment, mix the data through DA technology, and then transmit them to BS through a secure channel. However, WSNs with DA may produce more secure vulnerabilities than the ones without DA technique [16]. An aggregation node (AN) in a WSN which stores a lot of perceptual data is vulnerable to attack. If ANs are compromised successfully by an adversary, the sensitive data of the whole network may be revealed. Therefore, more challenges are emerging in privacy preserving and energy effectiveness of WSNs with DA.

Although a few DA privacy-preserving protocols have been proposed in recent years [17, 18], many challenging issues remain to be conquered in resource-constrained WSNs. A cluster-based private data aggregation (CPDA) scheme was proposed [19]. In CPDA, the sensor nodes are randomly organized into clusters and all the nodes calculate aggregation values according to the algebraic properties of polynomials. This protocol ensures that private data cannot be revealed by compromising a single node. However, the complex computation of CPDA puts a huge burden on node resource. For this reason, the Slice-Mix-AggRegaTe (SMART) protocol was proposed to decrease computation overhead and promote the capacity of privacy preserving [19]. In SMART, each node hides the sensing data by cutting them into slices. After being encrypted, each slice is sent to different intermediate aggregation nodes or neighboring nodes. When an intermediate node receives the slices sent by its neighbors, the aggregation process is executed and further aggregation may be performed in the next hop node until BS arrives. SMART guarantees data privacy in the process of aggregation and the computation complexity is decreased compared with CPDA. However, it requires more communication consumption which shortens the lifetime of network and degrades the effectiveness of sensor node. Faced with this dilemma, Hua et al. proposed an energy-efficient adaptive slice-based secure data aggregation (ASSDA) scheme [20]. In ASSDA, the same data slice of a node can be sent once only in the same time slot. All the data of leaf node are sliced according to the transmitting distance and the number of receivers. ASSDA improves the efficiency of data slicing and reduces the energy consumption of nodes.

This paper presents an energy-efficient privacy-preserving data aggregation protocol based on slicing (EPPA) which adopts data decomposition to reduce the number of slices and significantly save communication costs. It is worth noting that the decomposition can protect the private data from being destroyed by collusion attack. In EPPA, only the addition aggregation function is considered and the non-addition aggregation functions are the challenging work in the current research. As an improvement to EPPA, we propose an enhanced EPPA protocol, called multi-function privacy preserving data aggregation (MPPA), which focuses on multiple aggregation functions and may improve the universality of privacy-preserving technique in WSNs.

This paper is organized as follows. Section 2 reviews the related works. Section 3 discusses the system model. Section 4 and Section 5 elaborate EPPA and MPPA in details, respectively. Section 6 evaluates the performance of our protocols. We conclude this paper in Section 7.

DA has become one of the most effective methods to decrease the system overhead by reducing the bandwidth occupation and improving the energy efficiency in WSNs [21]. However, the broadcast communication mode and the insecure deployment pattern of WSNs make DA a challenging work when various attacks emerge in a network. These issues have attracted more attention than ever before in both WSNs and other fields [22–25]. Many mechanisms have been verified to prevent DA from being compromised, and some privacy-preserving protocols with DA have been proposed to guarantee the privacy of sensing data. SMART is the pioneering method in slicing-based data aggregation protocols.

As the name suggests, “Slice-Mix-AggRegaTe (SMART)” is a three-step scheme for the privacy preserving of DA. It divides the sensing data into many slices and sends each slice to different destination nodes in order to hide the sensitive information in varied slices which can provide a better privacy protection for WSNs. Many researches have proved that SMART can protect the data security at a little cost of communication bandwidth occupation [19, 20]. The workflow of SMART is described as follows.

• Step 1: Slicing. For each node i(i=1,...,N), its private data d_i can be cut into j pieces. Firstly, it randomly selects a set of nodes J(|J|=j−1) within h hops. A dense WSN takes h=1, namely, node i selects one-hop node as its neighbors. Then, one of the pieces is kept in node i itself. The remaining (j−1) pieces are encrypted and sent to the nodes in set J. In general, SMART is a fixed slicing scheme which divides the private data into three slices. Take Fig. 1 as an instance, node 5 divides its data into three slices, m₅₁, m₄₅, and m₅₅. One slice (m₅₅) is reserved by node 5 itself and two slices (m₅₁ and m₄₅) are sent to node 1 and node 4, respectively. We expand the idea of SMART in Fig. 1 by claiming that some nodes may cut their sensing data to more than (node 6 and node 7) or less than (node 9) three pieces. We hope to illustrate that three pieces are only one of the choices for slicing mechanism.

  

  Data slicing

  Full size image

• Step 2: Mixing. When a node receives an encrypted slice from node i, it firstly decrypts the data using the shared key with node i. Then, it sums up all the received slices sent by other neighbors as shown in Fig. 2.

  

  Data mixing

  Full size image

• Step 3: Aggregation. Each AN aggregates the received slices to a single data packet and transmits it to the upstream nodes following the routing path in an aggregation tree until BS arrives as shown in Fig. 3.

  

  Data aggregation

  Full size image

Although the SMART algorithm has a good performance in the protection of data privacy, there are still some limitations that affect its practicality. (1) The communication overhead is high. The communication overhead is directly related to the number of slices. In SMART, all the nodes are cut into j slices. Therefore, the total number of slices of a WSN with N nodes is N∗j, where N represents the number of nodes. Transmitting too many slices will consume huge amounts of energy and decrease the system performance in terms of effectiveness and lifetime. (2) The probability of collision may arise. More slices may produce more packet transmissions which may result in the higher collision probability. This is an inevitable issue in SMART. Ultimately, this may affect many network parameters, such as delay, transmission error, accuracy, and efficiency [26–28].

According to the abovementioned limitations, SMART algorithm needs to be improved and challenging issues have been tackled by many contributions. He et al. proposed a SMART-based addition aggregation which was a fixed slicing scheme [19], and each node divided its raw data to J slices (J is a predefined number) and (J−1) slices are sent to its neighboring nodes and one slice is held in itself. After all the nodes have received the data slices from their neighboring nodes, these slices were mixed and the new result is transferred to an upstream AN. In this way, attackers only eavesdrop on several incomplete data slices rather than the whole data packet. Although this scheme preserves the private data effectively, it results in a large number of message exchanging. In order to reduce the amount of information transmission, Li et al. proposed an energy-efficient and high-accuracy scheme for secure data aggregation (EEHA) [29]. There are different operations for two types of nodes that are leaf nodes and aggregation nodes. The former executes slicing and mixing operations to preserve the data privacy, while the latter is not involved in slicing and is only responsible for aggregating its private data with the slices received from leaf nodes into a new aggregated data. Compared with SMART, EEHA can dramatically reduce the communication overhead and increase the accuracy of DA at a tiny price of privacy preserving. In addition, Liu et al. proposed a high energy-efficient and privacy preserving (HEEPP) [30]. It introduced random distribution into the slicing and mixing techniques to determine the number of data slices, which resulted in the lower energy consumption and the higher security of DA. However, both EEHA and HEEPP ignore the privacy preserving in case of a collusion attack. If collusion occurs, malicious sensor nodes can easily compromise the security of network to an unaccepted level. Furthermore, all the data stored in the primary node (aggregation node) may be disclosed to adversaries, which may cause a huge damage to the entire network.

Based on the abovementioned issues, we present an EPPA protocol which uses the data decomposition technique to overcome the limitations of traditional slicing mechanisms. It can not only conceal the raw data through slicing, but also decrease the number of slices at the same time. The EPPA scheme is also capable of dividing sensitive data into two pieces by extended Euclidean, which may hide the original data well and effectively defend against collusion attacks. Besides, another enhanced protocol, MPPA, is proposed, which supports multiple aggregation functions and expands the adaptability of our scheme in a practical WSN-based system.

In this section, we present the topology, the adversary model, and the design requirements of network.

3.1 Network model

In this paper, we employ the tree topolgy to organize sensor nodes for DA in WSNs, as shown in Fig. 4. Generally speaking, there are three types of nodes in a DA protocol: base station (BS), aggregation node (AN), and leaf node (LN). BS is trusted and has powerful computation and storage capacities. There is only one BS in a WSN. BS is regarded as the control center of the network and the final destination of aggregation result. As the root of the aggregation tree, it is responsible for broadcasting the query to other nodes and processing the aggregation results received from ANs. ANs are in charge of forwarding the query instructions sent by BS, collecting and aggregating the data from their child nodes. LN is used for data acquiring, data slicing, and data mixing. It cuts the raw data into slices, sends the slices to the neighboring nodes, and assembles the received slices to compute an intermediate mixing value. Assumed that the network size is N and each node is assigned different roles, such as BS, AN, and LN. N nodes are organized into an aggregation tree (the formation process will be described in Section 5), and the data are transferred from LN to BS along the tree.

Aggregation tree

Full size image

3.2 Adversary model

Because the nodes of WSN are usually deployed in an unattended environment, the attackers can easily launch multiple attacks to destroy the privacy and integrity of aggregation results. Data packet is transmitted through the radio communication channel in a WSN. Therefore, it is easy to obtain the private information through overhearing the transmission from its neighboring wireless links. Each node can monitor the sending packet in the radio coverage and the private data may be exposed to the attackers due to the open transmission mode.

3.3 Design goal

The design goal of our scheme is to use an extended Euclidean method to achieve lower communication overhead and prolong the lifetime of network. Meanwhile, the proposed scheme is expected to guarantee the security of private data and defend against both the collusion attack and the eavesdropping attack. Therefore, an ideal data aggregation scheme should meet the following conditions.

• Privacy-preservation: In the design of a secure data aggregation scheme, the preservation of private data is always a key security issue. Wireless links are vulnerable to the eavesdropping attack and the sensitive information is usually revealed to undesired neighboring nodes. The privacy leakage limits the application of WSNs and prevents WSNs from being applied into some critical industrial fields in which data privacy is regarded as one of the most important attributes. In order to broaden the application field of WSNs, it is necessary to ensure data privacy and network efficiency in a proposed protocol. Meanwhile, the data privacy aggregation scheme should be able to run in a reasonable way even in case of collusion attack.

• Efficiency: Sensor nodes in a network are usually equipped with irreplaceable or non-repeatable charging battery. Therefore, energy consumption is a critical issue since the emerging of WSNs, and it is also a core issue in the design of secure data aggregation protocol. Information exchange among nodes consumes most of the energy in a WSN. Therefore, how to decrease the traffic without sacrificing the function of network becomes an interesting challenge in the current study. Data aggregation is an important energy-saving technique which can reduce the data transfer as much as possible through intra-network fusion. Therefore, the effectiveness of network is promoted and the lifetime of network is prolonged.

This section introduces an energy-efficient privacy-preserving data aggregation (EPPA) protocol based on slicing in details. EPPA consists of four steps: the aggregation tree construction, the data slicing, the data mixing, and the data aggregation. Depending on the data slicing technique, EPPA can improve the performance of privacy preserving, decrease the energy consumption, and prolong the network lifetime of WSN compared with SMART.

4.1 Aggregation tree construction

A common technique for DA is to build an aggregation tree which is formed by all the aggregation paths from sensor nodes to BS. The aggregation tree construction process is illustrated in Fig. 5. Firstly, the BS triggers a query through broadcasting a “HELLO” message as shown in Fig. 5a. When the message is received, a sensor node elects itself as AN with a probability p_c, which is a preselected parameter for all the nodes. If a node becomes AN, it will forward the “HELLO” message to its neighboring nodes as demonstrated in Fig. 5b. Otherwise, the node will wait for a certain period of time to get other “HELLO” messages from its neighboring nodes. If a node receives multiple “HELLO” messages, it randomly selects an upstream node as its parent by sending a “JOIN” message as shown in Fig. 5c. This process is recursively executed until all the nodes join in the tree.

The aggregation tree construction

Full size image

4.2 Data slicing

We use the extended Euclidean-based decomposition approach [31, 32] to optimize the slicing technique in this subsection. The original data of each node are decomposed into two parts, one is reserved by the node itself and the other is sent to its neighboring node. We will demonstrate the extended Euclidean theorem and the feasibility proof as follows.

Theorem 1

(extended Euclidean): Two numbers a and b are non-negative and non-zero integer. gcd(a,b) denotes the greatest common divisor of a and b. Therefore, there are X and Y which satisfy gcd(a,b)=aX+bY.

Proof

The induction method is adopted to prove the theorem. Three cases are considered.

(1) If b=0, then gcd(a,b)=gcd(a,0)=a. Thus, X=1 and Y is an arbitrary value.

(2) If a=0, then gcd(a,b)=gcd(0,b)=b. Then, X is an arbitrary value and Y=1.

(3) If a≠0 and b≠0. Assumed that b∗X₁+a%b∗Y₁=gcd(b,a%b) has solutions X₁ and Y₁. Let a=k∗b+c then

• $$\begin{array}{@{}rcl@{}}\quad gcd(b,a\%b)&=&b* X_{1}+a\%b*Y_{1}=b*X_{1}\\&+&(a-k*b)*Y_{1} \\ &=&b*X_{1}+a*Y_{1}-k*b*Y_{1} \\ &=&a*Y_{1}+b*(X_{1}-k*Y_{1}). \end{array} $$

  (1)

• gcd(b,a%b)=gcd(a,b)

• a∗Y₁+b∗(X₁−k∗Y₁)=gcd(a,b).

Therefore, X=Y₁ and Y=X₁−k∗Y₁. □

According to the extended Euclidean theorem, the definition of slicing scheme is given as follows.

Definition 1

For the sensing data of node i, d_i(i=1,2,...,N), let d_i=a,d_i+1=b, thus

Therefore, raw data d_i can be decomposed into two slices, X_i and Y_i. Because gcd(d_i,d_i+1)=1, BS can recover the original data using Eq. (2) according to the extended Euclidean algorithm after all the slices are received.

Node i keeps slice X_i and sends slice Y_i to one of its neighboring node in order to hide the raw data. Figure 6 demonstrates the process of slicing based on the extended Euclidean decomposition.

Data slicing

Full size image

As shown in Fig. 6, d_i and d_j are the sensing data of node i and node j, respectively. According to the extended Euclidean theorem, d_i is divided into X_i and Y_i; d_j is divided into X_j and Y_j. Node i and node j keep X_i and X_j for themselves, respectively. Slice Y_i is sent to node j, and slice Y_j is sent to node k.

4.3 Data mixing

In order to guarantee all the slices are received, the nodes wait for a certain time slot. Then, each node sums up all the received slices with their own data to get a new packet using Eq. (3). Figure 7 shows the mixing process of sensor nodes.

Data mixing

Full size image

As shown in Fig. 7, the mixed result obtained by node j is M_j=X_j+Y_i.

4.4 Data aggregation

After slices are summed up, the node encrypts the new results and sends them to its parent. Each AN aggregates all the data received from its children nodes. Then, the aggregation results are transmitted to BS along the path in the aggregation tree as shown in Fig. 4.

The pseudo-code of EPPA is described in Algorithm I. Lines 1–8 describe the construction of an aggregation tree. The slicing mechanism is listed from Line 9 to Line 17. Firstly, the original data are sliced into two pieces by the proposed scheme. Then, one slice is sent to the neighboring node and the other is saved by the node itself.

In the previous discussion, EPPA focuses on the addition aggregation function and neglects other aggregation functions, which means that its applications are restricted to the scenarios where sensing data can only be added or summed. Therefore, the enhanced EPPA, multi-function privacy-preserving data aggregation protocol (MPPA) will be discussed in this section. MPPA supports multiple aggregation functions and significantly improves the universality of slicing for WSNs.

Based on EPPA, MPPA adds some mark bits to the original slices in order to distinguish the types of aggregation functions, as shown in Fig. 8. Firstly, BS determines how many functions should be provided before a network is deployed. Secondly, it calculates the length of mark bits m according to Eq. (4).

Mark bits

Full size image

where f represents the number of aggregation functions. Thirdly, BS negotiates about the correspondences between mark bits and functions with aggregation nodes. In the data slicing process, nodes insert mark bits for each slice according to the aggregation requirement of BS. We take three aggregation functions as an example (e.g., f=3 in Eq. 4).

• According to Eq. (4), BS computes the number of mark bits b=⌈log₂3⌉=2. In other words, we need two bits to satisfy the requirements of three aggregation functions of BS.

• BS establishes the correspondence between mark bits and aggregation functions, as shown in Table 1. Notice that the combination “11” is left for future use if we hope MPPA to support more than three aggregation functions.

  Full size table

• A node selects mark bits and tags them into a slice based on the requirement of BS as formatted in Fig. 8. For example, the mark bits should be “01” if BS hopes to calculate the mean of sensing data in its query (as shown in Fig. 8).

The pseudo-code of mark bit is described in Algorithm II in which the process of adding a flag to a data slice is displayed. The slicing, mixing, and aggregation processes in MPPA are the same as those in Algorithm I of EPPA. The difference is that the data aggregation function is executed according to different mark bits.

We evaluate EPPA and MPPA through the theoretical analysis and the simulation experiment. We also compare our schemes with two typical protocols (EEHA and SMART) in terms of privacy preservation, communication overhead, and network lifetime. It should be pointed out that the number of slices is three (J=3) in SMART and EEHA.

6.1 Privacy-preserving analysis

This paper conducted an analysis of the exposure probability of privacy caused by collusion attacks. Assumed that there are malicious ANs and LNs in a network. After slicing is executed, Y_i is sent to node j and d_i can be recovered if node j is a malicious one which colludes with its AN. Then, the private data of node i may be revealed. There is another situation where X_i is kept by node i itself. d_i can also be recovered if node i is malicious and colludes with its AN. Considering these two cases, the hidden probability can be illustrated using Eq. (5) which expresses the ability of privacy preserving.

where C(∗) represents the event that entity ∗ is malicious. |A_m| and |A| denote the number of malicious ANs and the number of ANs, respectively.

Then, the hidden probability P_p of EPPA, P_m of MPPA, P_s of SMART, and P_e of EEHA can be inferred as Eqs. (6), (7), (8) and (9), respectively.

In Eq. (7), P_f represents the probability that an attacker will obtain the private information based on mark bits. In EEHA, when the data of ANs are not sliced, P_a denotes the probability that the attacker will destroy the privacy through the compromised ANs. We compare the hidden probabilities of SMART, EEHA, EPPA, and MPPA with |LN^∗| malicious sensor nodes (leaf nodes) and |A_m| malicious aggregation nodes. Obviously, as EPPA and MPPA adopt a more complex slicing technique, their privacy performances are superior to those of SMART and EEHA in the cases of malicious LNs and malicious ANs as shown in Figs. 9 and 10.

Hidden probability with malicious sensor nodes

Full size image

Hidden probability with malicious ANs

Full size image

6.2 Communication overhead

The communication overhead mainly resides in transmission of data slices. In SMART, each node needs to exchange two messages in a sensing round. In EEHA, only the leaf nodes divide their data into slices and two of the slices are sent to their neighbors. Each AN needs to transmit one message for data aggregation. Therefore, the bandwidth consumption of SMART is higher than that of EEHA. Similar to EEHA, only leaf nodes need to perform the operations of slicing and exchanging operations in EPPA and MPPA. However, the sensing data are divided into two pieces and only one piece is sent to the neighbor. Obviously, the energy consumption of EPPA and MPPA is lower than that of EEHA and SMART. Hence, the communication overhead of four schemes can be formalized as Eqs. (10), (11), (12), and (13).

where δ and K represent the proportion of leaf nodes and slices, respectively. The message complexity of four schemes is shown in Fig. 11. The less the information is exchanged, the lower the energy will be consumed.

Communication overhead

Full size image

6.3 Network lifetime

Figure 12 shows the percentage of residual energy in a network as execution time escapes with which we can evaluate the network lifetime of different protocols. It is shown that SMART consumes energy much faster than other schemes. This is because there are more message exchanges in SMART in each round. Also, EPPA and MPPA have a longer lifetime in contrast with SMART and EEHA for their Euclidean-based slicing technique.

Residual energy

Full size image

WSNs are composed of resource-constrained sensors which are usually deployed in an unattended or wild area. Therefore, energy and privacy issues are the main concerns in WSNs. The proposed EPPA scheme adopts data decomposition to replace the traditional slicing scheme in order to reduce energy consumption and prevent the private data from being compromised. In addition, an enhanced EPPA protocol called MPPA is proposed for the purpose of dealing with the problem that the typical slicing mechanism supports the addition aggregation function only and fails to meet the requirements of WSNs in many application scenarios. MPPA is characterized by focusing on multiple functions and significantly improving the universality of DA in WSNs. Simulation results show that our approaches can effectively decrease the overhead of communication and guarantee the data privacy. However, EPPA and MPPA can only be applied to integer aggregation which may produce a negative impact on data accuracy. We will make more in-depth research on decomposition so that it can be applied into more scenarios in the future.

Data sharing not applicable to this article as no datasets were generated or analyzed during the current study.

AN:

Aggregation node

ASSDA:

Adaptive slice-based secure data aggregation

BS:

Base station

CPDA:

Cluster-based private data aggregation

DA:

Data aggregation

EEHA:

Energy-efficient and high-accuracy

EPPA:

Energy-efficient privacy-preserving data aggregation protocol

HEEPP:

High energy-efficient and privacy preserving

LN:

Leaf node

MPPA:

Multi-function privacy-preserving data aggregation protocol

SMART:

Slice-Mix-AggRegaTe

WSNs:

Wireless sensor networks

This work was supported in part by the National Natural Science Foundation of China under Grants 61672321, 61832012, 61771289, and 61373027 and the Shandong Graduate Education Quality Improvement Plan SDYY17138.

This work was supported in part by the National Natural Science Foundation of China under Grants 61672321, 61832012, 61771289, and 61373027 and the Shandong Graduate Education Quality Improvement Plan SDYY17138.

Authors and Affiliations

1. School of Information Scicence and Engineering, Qufu Normal University, Yantai Road, Rizhao, 276826, China

   Xiaowu Liu, Xiaowei Zhang, Qiang Zhang & Can Fu

2. School of Computer Science and Technology, Qilu University of Technology (Shandong Academy of Sciences), Daxue Road, Jinan, 250353, China

   Jiguo Yu

Contributions

XZ, QZ, and CF are the principal contributors in terms of simulation modeling and the generation/interpretation of numerical results. In a supervising role, XL and JY formulated the research problem and contributed to the simulation modeling and the discussion of results. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Xiaowu Liu.

Competing interests

The authors declare that they have no competing interests.

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License(http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Reprints and permissions