Einar Mykletun

Efficient aggregation of encrypted data in wireless sensor networks

Wireless sensor networks (WSNs) are ad-hoc networks composed of tiny devices with limited computation and energy capacities. For such devices, data transmission is a very energy-consuming operation. It thus becomes essential to the lifetime of a WSN to minimize the number of bits sent by each device. One well-known approach is to aggregate sensor data (e.g., by adding) along the path from sensors to the sink. Aggregation becomes especially challenging if end-to-end privacy between sensors and the sink is required. In this paper, we propose a simple and provably secure additively homomorphic stream cipher that allows efficient aggregation of encrypted data. The new cipher only uses modular additions (with very small moduli) and is therefore very well suited for CPU-constrained devices. We show that aggregation based on this cipher can be used to efficiently compute statistical values such as mean, variance and standard deviation of sensed data, while achieving significant bandwidth gain.

Authentication and integrity in outsourced databases

In the Outsourced Database (ODB) model, entities outsource their data management needs to a third-party service provider. Such a service provider offers mechanisms for its clients to create, store, update, and access (query) their databases. This work provides mechanisms to ensure data integrity and authenticity for outsourced databases. Specifically, this article provides mechanisms that assure the querier that the query results have not been tampered with and are authentic (with respect to the actual data owner). It investigates both the security and efficiency aspects of the problem and constructs several secure and practical schemes that facilitate the integrity and authenticity of query replies while incurring low computational and communication costs.

Efficient and provably secure aggregation of encrypted data in wireless sensor networks

Wireless sensor networks (WSNs) are composed of tiny devices with limited computation and battery capacities. For such resource-constrained devices, data transmission is a very energy-consuming operation. To maximize WSN lifetime, it is essential to minimize the number of bits sent and received by each device. One natural approach is to aggregate sensor data along the path from sensors to the sink. Aggregation is especially challenging if end-to-end privacy between sensors and the sink (or aggregate integrity) is required. In this article, we propose a simple and provably secure encryption scheme that allows efficient additive aggregation of encrypted data. Only one modular addition is necessary for ciphertext aggregation. The security of the scheme is based on the indistinguishability property of a pseudorandom function (PRF), a standard cryptographic primitive. We show that aggregation based on this scheme can be used to efficiently compute statistical values, such as mean, variance, and standard deviation of sensed data, while achieving significant bandwidth savings. To protect the integrity of the aggregated data, we construct an end-to-end aggregate authentication scheme that is secure against outsider-only attacks, also based on the indistinguishability property of PRFs.

Public Key Based Cryptoschemes for Data Concealment in Wireless Sensor Networks

In-network data aggregation is a popular technique for reducing the energy consumption tied to data transmission in a multi-hop wireless sensor network. However, data aggregation in untrusted or even hostile environments becomes problematic when end-to-end privacy between sensors and the sink is desired. In this paper we revisit and investigate the applicability of additively homomorphic public-key encryption algorithms for certain classes of wireless sensor networks. Finally, we provide recommendations for selecting the most suitable public key schemes for different topologies and wireless sensor network scenarios.

TinyPEDS: Tiny persistent encrypted data storage in asynchronous wireless sensor networks

In wireless sensor networks there is a need to securely store monitored data in a distributed way whenever it is either not desired or simply not possible to transmit regional volatile information to an authorised recipient in real-time. In particular, for wireless sensor network applications with an asynchronous character, the wireless sensor network itself needs to store the monitored data. Since nodes may disappear over time, a replicated and read-protected, but yet space- and energy-efficient, data storage is mandatory. In this work we provide and analyse an approach for a tiny Persistent Encrypted Data Storage (tinyPEDS) of the environmental fingerprint for asynchronous wireless sensor networks. Even if parts of the network are exhausted, restoring rules ensure that, with a high probability, environmental information from past is still available.

Aggregation queries in the database-as-a-service model

In the Database-As-a-Service (DAS) model, clients store their database contents at servers belonging to potentially untrusted service providers. To maintain data confidentiality, clients need to outsource their data to servers in encrypted form. At the same time, clients must still be able to execute queries over encrypted data. One prominent and fairly effective technique for executing SQL-style range queries over encrypted data involves partitioning (or bucketization) of encrypted attributes. However, executing aggregation-type queries over encrypted data is a notoriously difficult problem. One well-known cryptographic tool often utilized to support encrypted aggregation is homomorphic encryption; it enables arithmetic operations over encrypted data. One technique based on a specific homomorphic encryption function was recently proposed in the context of the DAS model. Unfortunately, as shown in this paper, this technique is insecure against ciphertext-only attacks. We propose a simple alternative for handling encrypted aggregation queries and describe its implementation. We also consider a different flavor of the DAS model which involves mixed databases, where some attributes are encrypted and some are left in the clear. We show how range queries can be executed in this model.

Signature Bouquets: Immutability for Aggregated/Condensed Signatures

Database outsourcing is a popular industry trend which involves organizations delegating their data management needs to an external service provider. Since a service provider is almost never fully trusted, security and privacy of outsourced data are important concerns.

A Framework for Efficient Storage Security in RDBMS

With the widespread use of e-business coupled with the public’s awareness of data privacy issues and recent database security related legislations, incorporating security features into modern database products has become an increasingly important topic. Several database vendors already offer integrated solutions that provide data privacy within existing products. However, treating security and privacy issues as an afterthought often results in inefficient implementations. Some notable RDBMS storage models (such as the N-ary Storage Model) suffer from this problem. In this work, we analyze issues in storage security and discuss a number of trade-offs between security and efficiency. We then propose a new secure storage model and a key management architecture which enable efficient cryptographic operations while maintaining a very high level of security. We also assess the performance of our proposed model by experimenting with a prototype implementation based on the well-known TPC-H data set.

Improving secure server performance by re-balancing SSL/TLS handshakes

Much of todays distributed computing takes place in a client /server model. Despite advances in fault tolerance - in particular, replication and load distribution -- server overload remains to be a major problem. In the Web context, one of the main overload factors is the direct consequence of expensive Public Key operations performed by servers as part of each SSL handshake. Since most SSL-enabled servers use RSA, the burden of performing many costly decryption operations can be very detrimental to server performance. This paper examines a promising technique for re-balancing RSA-based client/server handshakes. This technique facilitates more favorable load distribution by requiring clients to perform more work (as part of encryption) and servers to perform commensurately less work, thus resulting in better SSL throughput. Proposed techniques are based on careful adaptation of variants of Server-Aided RSA originally constructed by Matsumoto, et al. [1]. Experimental results demonstrate that suggested methods (termed Client-Aided RSA) can speed up processing of RSA private key operations by a factor of between 11 to 19, depending on the RSA key size. This represents a considerable improvement. Furthermore, proposed techniques can be a useful companion tool for SSL Client Puzzles in defense against DoS and DDoS attacks.

Incorporating a secure coprocessor in the database-as-a-service model

In this paper, we suggest an extension to the database-as-a-service (DAS) model that introduces a secure coprocessor (SC) at an untrusted database service provider in order to overcome drawbacks in the plain DAS model. The processor serves as a neutral party between the clients and service providers with the goal of increasing security of outsourced data. Additionally, it supports a much broader range of queries performed and reduces both bandwidth and computational burdens on the client. We expect these improvements to make the DAS model more viable and attractive from a clients perspective.