Aggregation Function using Homomorphic Encryption in Participating Sensing Application
1 Noman Saleem, 1Saed Alrabaee, 2Fawaz A. Khasawneh, and 3Mahmoud khasawneh, 1Concordia Institute for Information System Engineering, Concordia University, Montreal, Canada
2ETS - University of Quebec, Montreal, Canada 3 Department of Electrical and Computer Engineering, Concordia University, Montreal, Canada
Abstract—Participatory Sensing Application is new emerging computing paradigm that uses the data collected by the participants via mobile devices and active sensors. It gives an opportunity with the help of increasing number of mobile users to share information acquired by their sensor equipped devices. However, security and privacy are the major concerns in the success of these applications. While several security implementation techniques have discussed by the research community, one of them is Homomorphic encryption that allows aggregating encrypted values and the result would be same as unencrypted data. In this paper, we simulate the aggregation function using homomorphic encryption in participating sensing application.
Keywords-component; Participatory Sensing Application, Homomorphic encryption, Privacy and data security
I. INTRODUCTION
Computer and associated information crimes are the natural response of criminals to society’s increasing use of, and dependence upon, technology. In recent years, more and more companies using participatory sensing applications to fulfill their business needs. Companies are being blackmailed by cybercriminals who discover vulnerabilities in their wireless networks. Company’s secret and confidential information are being stolen when security breaches take place. Alas, hacking, cracking, and attacking have increased over the years and will not stop anytime soon. Several issues deal with why these activities have not been properly stopped or even curbed. These include proper identification of the attackers, the necessary level of protection for participatory sensing application networks, and successful prosecution once an attacker is captured. The challenges of securing wireless networks in the face of intruders armed with the tools of compromise have become overwhelming and are still growing.
A. Participatory Sensing Application Participatory Sensing Application [1-3] is a concept of
information collection from the large number of active devices such as mobile phones. Participatory sensing can be used to retrieve the information about the environment, weather, traffic, health, and parking spots. Mobile phones work as sensing devices and related applications are potentially unlimited.
Participatory sensing expands the capabilities of Wireless Sensor Network (WSN) applications and effectively used especially where WSN is neither economical nor feasible. [4].
In participatory sensing, mostly applications required the aggregation of sensors data among multiple users. These aggregation operations are the responsibility of aggregation server that is third party server. In this scenario, security and privacy of the data is a major concern. Distributed computation of aggregation data can be done using cryptographic protocol based on homomorphic encryption.
B. Privacy Homomorphism With the development of vast information and digitalization
especially in wireless applications, secrecy of the information is also becoming a challenge to achieve. On the same time, with the adoption of participatory sensing application environment reduce the cost and increase the utilization of mobile devices to organizations. However, security and privacy of the information stored at aggregation server is an issue. So participatory sensing has recently become an important area of research. The reason for this recent interest in the participatory sensing applications arises from its adaptability to a wide variety of problems, including not only aggregation databases containing secrecy and privacy information. Privacy Homomorphism (PH) is the mechanism that allows secure computation on encrypted data [5]. PH is basically an encryption transformation that mapping a set of operations on plaintext to another set of operations on ciphertext. The idea is to provide multilevel security by encrypting data at classified level and processed by an unclassified level (an aggregation server) and to decrypt the results at a classified level. Research shows that the fully homomorphic encryption that covers addition, subtraction, multiplication mathematical operations and operations related to minimum, maximum and average is a big challenge. We take a modular approach by doing the homomorphic encryption on different mathematical operations. We integrate the encrypted homomorphic aggregation database and make sample cases that will show the implementation of homomorphism.
We formalize our report as; in section 2 we discuss related work about some earlier approach to PH. In section 3 we discuss
2014 6th International Conference on CSIT ISBN:987-1-4799-3999-2
the motivation related to the simulation. Section 4 gives the basic structure of participatory sensing applications. Section 5 discusses about novel way of privacy homomorphism and its effectiveness in providing security. In section 6 we detail about simulation of aggregation function a numerical example to illustrate how computation performed using cryptographic homomorphic encryption in participatory sensing application.
C. Motivation In majority the participatory sensing applications uses limited
energy in communication. Aggregation can be a technique in participatory sensing application that reduces the overall cost of the communication. There are many different challenges in planning and implementing the security in participatory sensing applications. Traditional end to end security is not feasible to use in network aggregation. A corrupted active sensor (threat) can access and modify the data that compromise confidentiality and integrity. Homomorphic encryption gives the option to aggregate encrypted values and the result would be same as unencrypted data. This motivates me to device simulation architecture of aggregate function using homomorphic encryption scheme for participatory sensing application.
II. RELATED WORKIn this section we present some earlier approach to privacy
homomorphism by providing an example for illustration purpose.
Let p and q be two large and secret primes. Let n = p x q be public. Consider the plaintext set as P = Zn and the set of plaintext operations as F = {+, -, ×} consisting, respectively, of addition, subtraction and multiplication modulo n. Let the ciphertext set be C = Zp × Zq. Operations in the set F’ of ciphertext operations are the component wise version of those in F. Define the encryption key as k = (p, q) and the encryption transformation as,
Ek(α) = [α mod p, α mod q]
Given k = (p, q), the Chinese remainder theorem is used to compute Dk ([d1, d2]) [6]. When the unclassified level perform computation on encrypted data, it cannot reduce partial results to the secret moduli p and q; only reduction to the public modulus n is possible, so that in fact the unclassified level operates on Zn × Zn; however, at decryption time, knowledge of the key allows the classified level to map encrypted results from Zn × Zn back to Zp × Zq prior to using the Chinese remainder theorem [7]. This PH can be broken i. e., p and q can be found by a known plaintext attack as detailed in [8]. In subsequent para some related well-known results about privacy homomorphism are discussed. If a PH preserves order, then it is insecure against a cipher-text-only attack. If in a PH, addition is the one of the cipher-text-domain operations, then it is insecure under chosen cipher-text attack [9]. With the exception of the RSA algorithm which preserves only multiplication.
III. BASIC ARCHITECTUREA typical participating sensing application consists of
collection of mobile nodes, access points, reporting server, and application server. [10] In participatory sensing applications normally mobile nodes collect the regional information and after this there would be an aggregation server that aggregates the collected data and on the basis of that application server gives the data to reporting server to fulfill the end user requirements which is showed in Figure 1. In this paper, we consider the numerical data that collected from active devices like mobile nodes. Before sending the numerical data to the aggregation server these devices encrypt the numerical data using shared secret key of homomorphic encryption scheme between participatory sensing node and application server. After that encrypted data send and stored at aggregation server which is considered as third party server. On end user request aggregation server perform appropriate aggregation function on encrypted data and send back the encrypted data to the application server. Application server than decrypts the data and send to the end user.
Fig. 1. Basic architectural overview of participatory sensing system [11]
IV. NOVEL APPROACHIn this section we discuss about novel approach to privacy
homomorphism which include significant improvements, specification of PH and then briefly explain computations that performed at unclassified level [6].
A. Improvements A novel privacy homomorphism comes up with two
significant improvements.
• Small values are nontrivially encrypted.• The new PH is able to withstand a known-plaintext
attack.
2014 6th International Conference on CSIT ISBN:987-1-4799-3999-2
The case when p, q, n = p x q are very large integers, a small value á is very likely to have the same representation over Zn, Zp and Zq , that is
α mod n = α mod p = α mod q if α < min(p, q) Actually this is an undesirable feature because the
homomorphism of leaves the plaintext unencrypted so it insecure against a ciphertext-only attack. One possible solution is to multiply α by a pair of secret constants rp and rq such that rp < p and rq < q. The encryption key is then extended to k = (p,q,rp,rq). Moreover to prevent against cipher-text-only attacks use approach which is based on frequency analysis that secretly and randomly split α into α1, α2,…..,αm, such that αi ∈ Zn and Σ(i=1 to m) αi mod n = α.
B. Specification The specifications of privacy homomorphism are the
following.
• Secret Key: p and q be two large secret primes, such thatp x q = n, Also rp ∈ Zp, such that it generates a largemultiplicative subgroup in Zp. Also rq with similarproperties with respect to Zq.
• Public parameters: n and m, (n can be made secret toincrease security)
• Encryption: Randomly split α ∈ Zn into secret α1,α2,…..,αm, such that α = Σ(i=1 to m) αi mod n and αi ∈Zn. Compute:
Ek(α) = ([α1 rp mod p, α1 rq mod q], [α2 rp2 mod p, α2 rq2 mod q],...,[ αm rpm mod p, αm rqm mod q])...eq(1)
• Decryption: Compute the scalar product of the ith [mod p,mod q] pair by [rp-i mod p, rq-i mod q] to retrieve the [αimod p, αi mod q]. Add up to get [α mod p, α mod q]. Usethe Chinese remainder theorem (CRT) to get α mod n.
As encrypted values are computed over (Z x Z)m by the unclassified level, the use of rp and rq requires that the terms of the encrypted value having different r-degree be handled separately. The r-degree of a term is the exponent of the power of r contained in the term. This is necessary for the classified level to be able to multiply each term by rp-1 (inverse of rp over Zp) and rq-1 (inverse of rq over Zq) the right number of times, before adding all terms up, reducing the final result into Zp x Zq, and decrypting into Zn.
C. Computation at Unclassified Level Following are the computations that one can perform at
unclassified level or in other terms perform set F’ of cipher-text operations.
• Addition and subtraction: In vector notation, they aredone component wise over Z, which in polynomialnotation means adding terms with the same degree.
• Multiplication: It works like in the case of polynomials:all terms are cross-multiplied in Z, with a i1th degreeterm by a i2th degree term yielding a (i1 + i2)th degreeterm. Finally, terms having the same degree are added up.
• Division: It cannot be carried out in general because thepolynomials are a ring, not a field. A good solution is toleave divisions in rational format by considering the fieldof rational functions, i.e. fractions whose numerator anddenominator are polynomials. In this way, if u and v aretwo integers, we encrypt u/v as Ek (u) / Ek(v).
V. IMPLEMENTATION In this section we discuss about the environment to facilitate
the Simulation of Homomorphic Encryption in participatory sensing application environment and then present numerical example which illustrates how computation be performed at classified and unclassified levels.
A. Environment For the implementation of this simulation project, we have
selected the open source package XAMPP for Windows 1.7.4 that has the following,
• Programming Language PHP• MySQL database• Tomcat Web Server
We develop an interface using PHP programming language for the simulation of active devices that have sensors attached to it for getting the temperature data, location data in the form of longitude and latitude and timestamp. This information collected via sensors by the active devices, encrypt using homomorphic encryption having secret keys (p, q, rp, rq) and send encrypted data to the aggregation server periodically. To setup this simulation environment, we need to develop a database structure to record the data coming from active devices and manage them in a way that can fulfill the requirements of end users specially aggregation functions like minimum/maximum and average temperature.
Fig. 2. Implementation interface developed in PHP programming language
2014 6th International Conference on CSIT ISBN:987-1-4799-3999-2
168
Aggregation server deployed on collecting periodic homomorphic encrypted data from the group of active devices connected to the aggregation server and stores them. Application server in fulfilling the requirements of end users and /or participants asks aggregation server to calculate the aggregation functions like maximum, minimum and average temperatures of different locations within specific date and time. To calculate the average temperature, the aggregation server fetches the specific records from the database and performs homomorphic addition on them. The sum result which is also in encrypted form and total number of query records send to end user via application server. Once the application server receives the data, it first decrypts the data and divides the decrypted data with already given number of records to calculate average temperature, and then deliver to the end user. Aggregation functions like minimum/maximum require comparison operation to be performed. Research shows that homomorphic encryption would be insecure against ciphertext only attacks if it allows comparison operations to be performed [12]. This paper provides the alternative approach for calculating the aggregation functions like minimum/maximum. In this paper we suggest that it is the responsibility of sensing node to calculate the minimum/maximum by communicating with aggregation server after than send the data to aggregation server with respect to location, and date. This technique saves the processing time at aggregation server for giving the results related to minimum/maximum.
Fig. 3. Database structure in MySQL
Fig. 4. Active devices interface for submitting data to aggregation server
B. Alternative algorithm for storing minimum /maximum flags 1. Active participatory sensing devices sense temperature
data with respect to location and current date.2. Connect to the database and fetch minimum and
maximum temperature records (if available) with respectto location and current date
3. If (No record) insert the current temperature data with both minimum and maximum flags on 4. else
o fetch the minimum and/or maximumtemperature records then do the decryption
5. if (Current temp >= decrypt MIN && Current temp <=decrypt MAX)
o Encrypt and insert Current temperature data asneither minimum nor maximum
6. elseif (Current temp< decrypt MIN)o update already stored minimum record as neither
minimum nor maximumo encrypt and insert Current temperature data as
minimum flag on7. elseif (Current temp>decrypt MAX)
o update already stored maximum record asminimum nor maximum
o encrypt and insert Current temperature data asmaximum flag on
End End
2014 6th International Conference on CSIT ISBN:987-1-4799-3999-2
169
Fig. 5. Data after performing aggregation function for end user
C. Numerical Example
Our example shows how computation will be performed with the proposed privacy homomorphism [6]. Actually in our implementation we simulate this concept by filling the employee data as employee name, designation and salary. Next by considering salary as a sensitive data perform multilevel computation i.e., at classified level salary will get encrypted by PH mechanism and then stored in encrypted form in database. Later we show in our simulation that how homomorphic operations perform on encrypted database for the case we are presenting modular addition operation on salaries. Finally for the verification purpose we are showing decryption that reflects that the operations performed on encrypted database is equivalent to the one in clear text.
1) Classified Level 1
Let consider p=97, q=83, rp = 3, rq = 5, be the secret key setup. Let plaintext numerical values are M1=12, M2=7, M3=23. These numerical values are secretly and randomly split and then transformed according to the proposed privacy homomorphism, thus obtaining first and second r-degree terms.
The encrypted data then forwarded to the unclassified level.
2) Unclassified Level
At this level computing sum on encrypted data by directly adding the terms.
Σ(i=1 to 3) Ek(Mi) = ([94+6+96, 78+10+77], [20+45+16,
76+42+24])
= ([196, 165], [81, 142])
3) Classified level 2
Here computing decryption function to verify the operation.
=([196 x rp-1 mod p, 165 x rq-1 mod q], [81 x rp-2 mod p, 142 x rq-2 mod q])
= ([196 x 3-1 mod 97, 165 x 5-1 mod 83], [81 x 3-2 mod 97, 142 x 5-2 mod 83])
= ([196 x 65 mod 97, 165 x 50 mod 83], [81 x 652 mod 97, 142 x 502 mod 83])
= ([33, 33], [9, 9])
= [42, 42]
In the last step all terms have been added up over Zp x Zq. Now use Chinese remainder theorem on the pair [42, 42] to recover the (M1+M2+M3). So the final result is 42.
VI. SUMMARY
In this paper we have shown via simulation that aggregation server in the environment of participatory sensing application can perform aggregation functions (minimum/maximum, average) on encrypted data using homomorphic encryption scheme without using comparison operation that would be insecure against ciphertext only attack. By using our implementation one can use any additive homomorphic encryption scheme. Furthermore, by using our implementation scheme one can search minimum/maximum over encrypted data at aggregation server that reduces the cost in terms of performance at aggregation server in a setup of participatory sensing application.
REFERENCES [1] D. Cu, M. H. Hansen, and J. Kang. Urban sensing: out of the woods.
Commun. ACM, 51(3):24{33, 2008.
[2] C. Castelluccia, A. C.-F. Chan, E. Mykletun, and G. Tsudik, “Efficient and Provably Secure Aggregation of Encrypted Data in Wireless Sensor Networks,” ACM Transactions on Sensor Networks (TOSN), vol. 5, no. 3, pp. 1–36, 2009.
[3] J. Burke, D. Estrin, M. Hansen, A. Parker, N. Ramanathan, S. Reddy, and M. B. Srivastava, “Participatory sensing,” in Workshop on World-Sensor-Web (WSW ’06): Mobile Device Centric Sensor Networks and Applications, October 2006.
[4] C. Castelluccia and C. Soriente, “Abba: A balls and bins approach to secure aggregation in wsns,” in 6th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt), April 2008, pp. 185–191.
[5] R.L. Rivest, L. Adleman and M.L. Dertouzos, On data banks and privacy homomorphisms, R.A. DeMillo, Editor, et al.Foundations of Secure Computation, Academic Press, New York (1978), pp. 169–179.
2014 6th International Conference on CSIT ISBN:987-1-4799-3999-2
[6] Josep Domingo i Ferrer, A new privacy homomorphism and applications, Information Processing Letters, Volume 60, Issue 5, 9 December 1996, Pages 277-282, ISSN 0020-0190, 10.1016/S0020-0190(96)00170-6.
[7] Josep Domingo-Ferrer. 2002. A Provably Secure Additive and Multiplicative Privacy Homomorphism. In Proceedings of the 5th International Conference on Information Security (ISC '02), Agnes Hui Chan and Virgil D. Gligor (Eds.). Springer-Verlag, London, UK, UK, 471-483.
[8] E. Brickell and Y. Yacobi, On privacy homomorphisms, D. Chaum, W.L. Price, Editors , Advances in Cryptology — Eurocrypt'87, Springer, Berlin (1988), pp. 117–125.
[9] N. Ahituv, Y. Lapid and S. Neumann, Processing encrypted data. Comm. ACM, 20 (1987), pp. 777–780.
[10] Sheng Gao, Jianfeng Ma, Weisong Shi and Guoxing Zhan, Towards Location and Trajectory Privacy Protection in Participatory Sensing, Proceedings of MobiCASE 2011 (6 pages poster), Los Angles, USA, Oct 24-27, 2011.
[11] D. Christin, A. Reinhardt, S.S. Kanhere, M. Hollick, A Survey on Privacy in Mobile Participatory Sensing Applications, Journal of Systems & Software 2011, 84 (11), 1928-1946, impact factor: 1.28.
[12] L. Ertaul, Vaidehi, “Computing Aggregation Function Minimum/Maximum using Homomorphic Encryption Schemes in Wireless Sensor Networks (WSNs)”, The 2007 International Conference on Wireless Networks, ICWN'07, June, Las Vegas
[13] ND Lane, E Miluzzo, H Lu, D Peebles, T Choudhury, AT Campbell, “A survey of mobile phone sensing”, The 2010 Communications Magazine, IEEE 48 (9), 140-150
[14] Michael M. Groat, Benjamin Edwards, James Horey, Wenbo He, and Stephanie Forrest, “Enhancing Privacy in Participatory Sensing Applications with Multidimensional Data”, In Proceedings of the Tenth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom '12), March 2012, pp. 144-152, Lugano, Switzerland.
[15] Apu Kapadia, David Kotz, and Nikos Triandopoulos, "Opportunistic Sensing: Security Challenges for the New Paradigm," In Proceedings of The First International Conference on Communication Systems and Networks (COMSNETS '09), Bangalore, India, January 5th–10th, 2009.
[16] R K Ganti, N Pham, Y E Tsai, T F Abdelzaher, “PoolView: stream privacy for grassroots participatory sensing”, Proceedings of the 6th ACM conference on Embedded network sensor systems, pp. 281--294, 2008
[17] H Ahmadi, N Pham, R Ganti, T Abdelzaher, S Nath, J Han, “Privacy-aware regression modeling of participatory sensing data” Int’l Conf, pp. 99--112, 2010
[18] Tathagata Das, Prashanth Mohan, Venkata N. Padmanabhan, Ramachandran Ramjee, Asankhaya Sharma, “PRISM: platform for remote sensing using smartphones”, MobiSys 2010.
[19] Raluca Ada Popa, Andrew J. Blumberg, Hari Balakrishnan, and Frank H. Li, “Privacy and Accountability for Location-Based Aggregate Statistics”, In the Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS'11).
[20] S. Avancha, J. Undercoffer, A. Joshi and J. Pinkston, “Security for Wireless Sensor Networks,Wireless Sensor Networks” (C.S. Raghavendra et al eds.), Chapter 12, pp. 253-275
[21] D. Christin, M. Hollick, M. Manulis, “Security and Privacy Objectives for Sensing Applications in Wireless Community Networks”, Proceedings of the 19th International Conference on Computer Communication Networks (ICCCN), August 2010.
2014 6th International Conference on CSIT ISBN:987-1-4799-3999-2
