ABSTRACT
Contents 11.1 Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 11.2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 11.3 Threat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
11.3.1 Outsider Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 11.3.2 Insider Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
11.4 Secure In-Network Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 11.4.1 Notation and Key Material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 11.4.2 Key Establishment for Secure Aggregation . . . . . . . . . . . . . . . . . 283 11.4.3 Key Establishment for Secure Dissemination . . . . . . . . . . . . . . . 285
11.4.3.1 Defending against Impersonation Attacks . . . . . . . . . 285 11.4.4 Adding New Nodes to the Network . . . . . . . . . . . . . . . . . . . . . . . . 287
11.5 Resilient Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 11.6 Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
11.1 Abstract In-network processing in large-scale sensor networks has been shown to improve scalability, eliminate information, redundancy, and increase the lifetime of the network. In this chapter we address the challenge of securing
in-network processing as it translates to both aggregating sensor node measurements and disseminating commands from aggregators back to individual sensor nodes. We present mechanisms for establishing a secure communication channel between sensor nodes and aggregators, and show how scalability and resiliency to different type of attacks can be achieved. Furthermore, we demonstrate how certain requirements such as low computation/memory overhead and dynamic addition of new nodes in the network can be met. Finally, we elaborate on proposed solutions for resilient aggregation under corrupted measurements and we conclude with some open research directions.