Abstract


In a large sensor network, in-network data aggregation, i.e., combining partial
results at intermediate nodes during message routing, significantly reduces the
amount of communication and hence the energy consumed. Recently several
researchers have proposed robust aggregation frameworks, which combine
multi-path routing schemes with duplicate-insensitive algorithms, to accurately
compute aggregates (e.g., Sum, Count, Average) in spite of message losses
resulting from node and transmission failures. However, these aggregation
frameworks have been designed without security
in mind. Given the lack of hardware support for tamper-resistance and the
unattended nature of sensor nodes, sensor networks are highly vulnerable to
node compromises. We show that even if a few compromised nodes contribute false
sub-aggregate values, this results in large errors in the aggregate computed at
the root of the hierarchy. We present modifications to the aggregation
algorithms that guard against such attacks, i.e., we present algorithms for
resilient hierarchical data aggregation despite the presence of compromised
nodes in the aggregation hierarchy. We evaluate the performance and costs of
our approach via both analysis and simulation. Our results show that our
approach is scalable and efficient.