Privacy in data aggregation

Abstract

We started addressing the security of in-network data aggregation in the previous chapter, where we addressed the problem of theMedian computation where attacker nodes can be present. In this chapter we address another security problem related to the data aggregation: The node’s privacy. In fact, in the data aggregation technique, some sensor nodes need to send their individual sensed values to an aggregator node, empowered with the capability to decrypt the received data to perform a partial aggregation. This scenario raises privacy concerns in applications like personal health care and the military surveillance. The contributions of this chapter are two-fold: first, we design a private data aggregation protocol that does not leak individual sensed values during the data aggregation process. In particular, neither the base station nor the other nodes are able to compromise the privacy of an individual node’s sensed value. Second, the proposed protocol is robust to data-loss; if there is a node-failure or communication failure, the protocol is still able to compute the aggregate and to report to the base station the number of nodes that participated in the aggregation. To the best of our knowledge, our scheme is the first one that efficiently addresses the above issues all at once.