
HANDLING RANGE QUERIES IN TWO TIER ARCHITECTURE OF WIRELESS SENSOR NETWORKS IN PRESERVING PRIVACY AND INTEGRITY USING MERKLE TREE TRAVERSAL ALGORITHM
S. Bhuvaneshwari, PG Student, Dept of CSE, bhuvanasundaram11@gmail.com
R. Mercy, Assistant Professor, Dept of CSE, r.mercy@gmail.com
C. Christopher Columbus, Professor & Head, Dept of CSE, c.christ@gmail.com
PSN College of Engineering & Technology, Tirunelveli

ABSTRACT--A wireless sensor network (WSN) has spatially distributed autonomous sensors that monitor physical and environmental conditions such as temperature, sound, pressure, etc., and cooperatively pass the data through the network to a main location. There are two types of WSN models: one with sensors for sensing data and a server for receiving and processing queries from users, and one with special additional nodes, commonly called storage nodes, between the sensors and the sink. In this paper, we propose SafeQ, a protocol that prevents attackers from gaining information from both the data collected by the sensors and the queries issued by the sink. SafeQ preserves privacy by encoding both data and queries; encoded queries are processed over encoded data without knowing their actual values. For preserving integrity, we propose the Merkle tree traversal algorithm.

Key words: Wireless sensor networks, privacy, integrity, range queries.

1. INTRODUCTION

A WSN is composed of "nodes", from a few to several hundred or even thousands, where each node is connected to one or more sensors. Each sensor node consists of a radio transceiver, an internal or external antenna, a microcontroller, an electronic circuit for interfacing with the sensors, and an energy source (a battery or an embedded form of energy harvesting). WSNs are widely deployed for various applications, such as monitoring things, monitoring objects, environment sensing, building safety monitoring, earthquake prediction, etc.

SENSORS: Sensors are inexpensive sensing devices with limited storage and computing power. They are often widely distributed in a field for collecting physical or environmental data, e.g., temperature.

STORAGE NODES: Storage nodes are powerful wireless devices that have much more storage capacity and computing power than sensors. Each sensor periodically collects data and sends it to its nearby storage node.

SINK: The sink is the point of contact for users of a sensor network. Every time the sink gets a query from the user, it translates the single query into multiple queries and sends them to the respective storage nodes, which process the queries and return the query results to the sink. The sink combines the query results from the multiple storage nodes into the final answer and sends it back to the user for further processing.

Fig 1 Two tier architecture of wireless sensor network.

A two-tier architecture of wireless sensor network is considered in this paper, in which the storage node performs both data storage and query processing. The intermediate tier consists of storage nodes that accumulate data and process the queries. Because the storage node is the place where collected data is stored, it faces security challenges. A compromised storage node poses significant threats to a sensor network: the attacker can collect the sensitive data stored in the storage node, a compromised storage node can return forged data for a query, and the storage node may not include all data items that satisfy the query. Hence the privacy and integrity of the data collected at the storage node should be preserved. A protocol should be designed to prevent attackers from gaining information, and the storage nodes that are under security attack have to be identified. In this paper, we discuss privacy- and integrity-preserving techniques with the purpose of providing security.

1.2 APPLICATIONS OF WSN

The applications can be divided into three categories:
1. Monitoring of objects.
2. Monitoring of an area.
3. Monitoring of both area and objects.

MONITORING AREA: Environmental and Habitat Monitoring, Precision Agriculture, Indoor Climate Control, Military Surveillance, Treaty Verification, Intelligent Alarms.

MONITORING OBJECTS: Structural Monitoring, Eco-physiology, Condition-based Maintenance, Medical Diagnostics, Urban terrain mapping.

Sensors are used in the military to detect enemy intrusion. They are also used in greenhouse monitoring, landslide detection, and machine health monitoring.

Fig 1.2 Applications of WSN

2. RELATED WORK

Privacy- and integrity-preserving range querying is an important problem under investigation. A solution was proposed by Sheng and Li [7]; it is known as the S&L scheme. It uses the bucket-partitioning idea suggested by Hacigumus in [13], which is widely used for database privacy. The domain of data values is divided into multiple buckets. The size of the bucket is calculated based on the divided data values. In a given time slot, a sensor collects data, places it in buckets, and encrypts it; it then sends the encrypted data along with the bucket ID for identification to the storage node. For an empty bucket, the sensor sends an encoding number for identification. The queries are sent to storage nodes. With the help of the bucket ID, the storage node sends the corresponding encrypted data, so that the sink can decrypt the buckets that are encrypted by the storage nodes, and integrity is verified using the encoding numbers. Only one-dimensional data is considered by the S&L scheme. For handling multi-dimensional data, the domain of each dimension has to be divided into multiple buckets.

3. EXISTING SYSTEM

The S&L scheme has two main disadvantages. First, because of the bucket-partitioning technique, estimation of the collected data is possible; such estimations are not possible with the proposed technique. Second, the power and space consumption grows exponentially in the S&L scheme, whereas in the proposed system using SafeQ it increases only linearly, not exponentially, with the number of data dimensions.

Fig 3 Sheng & Li Scheme

3.1.1 Issues in the Existing System

1. Attackers can obtain sensitive data with the help of estimation. This kind of estimation poses a significant threat to security, as it can be made on both sensor-collected data and sink-issued queries.
2. The power and space consumption of the data grows exponentially. As sensors have to save power for collecting data, this is the major drawback.

3.1.2 Problem Definition

How to preserve the privacy and integrity of the collected data in storage nodes present in the two-tier architecture of a wireless sensor network?

1. Data privacy: the storage node should not know the actual value of the data. The actual query value should also not be known to the storage node; this is known as query privacy.
2. Data integrity: the data received from the peers is legitimate and trustworthy. This involves origin integrity and data integrity, that is, the source is trustworthy and the data is trustworthy.

4. PROPOSED SYSTEM

For preserving the privacy and integrity of collected data in the storage nodes, two techniques are proposed: one using SafeQ and another using the Merkle tree traversal algorithm. SafeQ is used for preserving privacy. In the SafeQ technique, both queries and data are encrypted and are then processed as such; it uses the HMAC algorithm along with the prefix verification technique. In order to preserve integrity, we propose the Merkle tree traversal algorithm.

4.1.1 PRIVACY FOR ONE DIMENSIONAL DATA

The architecture considered here is a two-tier architecture with additional nodes, called storage nodes, that store the data collected by the sensors; they form the intermediate tier. Because the storage node is the main component for storing data, it faces security threats. The main threats are the following:

1. The confidentiality of the collected data is affected: an attacker may read the data, so it cannot be considered secure enough.
2. The integrity of the collected data is affected, as an attacker may alter or modify the data.

We assume a threat model in which both the sensors and the sink are secure and the storage node is unprotected. Protecting sensors would require tamper-proof hardware, which is not possible; also, the data collected by the sensors is very meagre, so even a compromised sensor can be accepted. If a storage node is compromised, however, more difficulties arise, so we need to assure the security of the storage node. For preserving privacy we use the SafeQ protocol along with the HMAC algorithm and the prefix membership verification technique. Privacy refers to confidentiality of data, i.e., data has not been leaked out. Integrity refers to trustworthiness of data: origin integrity means that the source is trustworthy, and data integrity means that the data is trustworthy. To provide integrity we use the Merkle tree traversal algorithm.

4.2 Preserving privacy

Privacy is preserved using HMAC and prefix membership verification.

1. Convert the range to a minimum set of prefixes, such that the union of the prefixes is equal.
2. Compute the prefix family for number.
3. To verify whether using only the operations of verifying whether two numbers are equal, convert each prefix to a corresponding unique number using a prefix numericalization function.

The proposed protocol SafeQ preserves privacy: encoded queries are processed over encoded data. It uses the prefix membership verification technique along with the HMAC algorithm.

The submission protocol is concerned with how the sensor sends the data periodically at the particular time slot:


1. Convert the n+1 ranges to their corresponding prefix representation.
2. Numericalize all prefixes.
3. Compute the keyed-Hash Message Authentication Code (HMAC) of each numericalized prefix using key g, which is known to all sensors and the sink. The HMAC function using key g satisfies the one-wayness property and the collision resistance property.
4. Encrypt every data item with key $k_i$.
5. Sensor $s_i$ sends the encrypted data to its closest storage node.

HMAC Algorithm:

1. HMAC stands for Hash Message Authentication Code, where a hash code along with a secret key is used for providing authentication and confidentiality.
2. The hash function is very important in the algorithm, as the strength of the algorithm depends on the hash function.

4.3 INTEGRITY FOR ONE DIMENSIONAL DATA

4.3.1 Preserving integrity using Merkle Tree traversal algorithm

The integrity-preserving mechanism is based on Merkle hash trees. A Merkle hash tree is constructed for every data item when a sensor sends the collected data item. The Merkle hash tree is a complete binary tree. The Merkle hash tree used in this solution has two special properties that allow the sink to verify query result integrity. First, the value of the root is computed using a keyed HMAC function, where the key is shared between the sensor and the sink. Second, the terminal nodes are arranged in ascending order based on the value of each data item. Among all the nodes in the Merkle hash tree, only the root is sent from the sensor to the storage node, because the storage node can compute all other nodes in the Merkle hash tree by itself.

Next, consider what a storage node needs to send to the sink along with a query result, i.e., what should be included in a verification object. Each time the storage node that is near the sensor receives a query from the sink, it first finds the data items that are in the range. Second, it computes the Merkle hash tree (except the root) from the data items. Third, it sends the query result and the verification object to the sink.

A Merkle tree is a binary tree in which every node $n$ has a $k$-bit value, $n \mapsto MH(n)$, $MH(n) \in \{0,1\}^k$, and every interior node's value is a hash function of the node values of its two children. For instance, the following is the formula for computing a parent node from its two children:

$MH(n_{parent}) = MH(MH(n_{left}) \,\|\, MH(n_{right}))$

MH is a one-way collision-resistant hash function like H introduced above. All the nodes in the Merkle tree need to be computed through the formula above to get the corresponding hash value. The public key that helps for authentication is placed as the root of the tree. The one-time private keys are used for generation of the leaf nodes and are verified with the help of the root signature. Fig. 1 is an example of a Merkle tree signature with four leaf nodes $\{t_1, t_2, t_3, t_4\}$.

4.3.2 The Merkle tree traversal algorithm

The purpose of Merkle tree traversal is to get the values of all authentication nodes in the authentication path from the specified leaf node to the root node. In our algorithm we make use of the increasing hash index value of each leaf node to quickly locate the required leaf node, and then use the updating algorithm to compute all the required values in the authentication path.

1. Set leaf = 0.
2. Output: Compute and output the leaf with LEAFCALC(leaf). For each $h \in [0, H-1]$ output $\{auth_h\}$.
3. Refresh Auth Nodes: For all $h$ such that $2^h$ divides leaf + 1: set $auth_h$ to be the sole node value in $stack_h$; set startnode $= (leaf + 1 + 2^h) \oplus 2^h$; $stack_h$.initialize(startnode, $h$).
4. Build Stacks: For all $h \in [0, H-1]$: $stack_h$.update(2).
5. Loop: Set leaf = leaf + 1. If leaf $< 2^H$, go to Step 2.

The algorithm is used to ensure the integrity of the collected data; it checks whether the tree is balanced.

5. CONCLUSION

The paper proposes an effective solution for providing privacy and integrity to the storage nodes of wireless sensor networks. Both SafeQ and the Merkle tree traversal algorithm provide effective measures against security threats. Future work will address how to provide privacy and integrity in a distributed environment.

6. REFERENCES

[1] F. Chen and A. X. Liu, "SafeQ: Secure and efficient query processing in sensor networks," in Proc. IEEE INFOCOM, 2010, pp. 1–9.
[2] S. Ratnasamy, B. Karp, S. Shenker, D. Estrin, R. Govindan, L. Yin, and F. Yu, "Data-centric storage in sensornets with GHT, a geographic hash table," Mobile Netw. Appl., vol. 8, no. 4, pp. 427–442, 2003.
[3] P. Desnoyers, D. Ganesan, H. Li, and P. Shenoy, "Presto: A predictive storage architecture for sensor networks," in Proc. HotOS, 2005, p. 23.
[4] D. Zeinalipour-Yazti, S. Lin, V. Kalogeraki, D. Gunopulos, and W. A. Najjar, "Microhash: An efficient index structure for flash-based sensor devices," in Proc. FAST, 2005, pp. 31–44.
[5] B. Sheng, Q. Li, and W. Mao, "Data storage placement in sensor networks," in Proc. ACM MobiHoc, 2006, pp. 344–355.
[6] B. Sheng, C. C. Tan, Q. Li, and W. Mao, "An approximation algorithm for data storage placement in sensor networks," in Proc. WASA, 2007, pp. 71–78.
[7] B. Sheng and Q. Li, "Verifiable privacy-preserving range query in two-tiered sensor networks," in Proc. IEEE INFOCOM, 2008, pp. 46–50.
[8] Xbow, "Stargate gateway (spb400)," 2011 [Online]. Available: http://www.xbow.com
[9] W. A. Najjar, A. Banerjee, and A. Mitra, "RISE: More powerful, energy efficient, gigabyte scale storage high performance sensors," 2005 [Online]. Available: http://www.cs.ucr.edu/~rise
[10] S. Madden, "Intel lab data," 2004 [Online]. Available: http://berkeley.intel-research.net/labdata
[11] J. Shi, R. Zhang, and Y. Zhang, "Secure range queries in tiered sensor networks," in Proc. IEEE INFOCOM, 2009, pp. 945–953.
[12] R. Zhang, J. Shi, and Y. Zhang, "Secure multidimensional range queries in sensor networks," in Proc. ACM MobiHoc, 2009, pp. 197–206.
[13] H. Hacıgümüş, B. Iyer, C. Li, and S. Mehrotra, "Executing SQL over encrypted data in the database-service-provider model," in Proc. ACM SIGMOD, 2002, pp. 216–227.
[14] B. Hore, S. Mehrotra, and G. Tsudik, "A privacy-preserving index for range queries," in Proc. VLDB, 2004, pp. 720–731.
[15] R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, "Order preserving encryption for numeric data," in Proc. ACM SIGMOD, 2004, pp. 563–574.
[16] D. X. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data," in Proc. IEEE S&P, 2000, pp. 44–55.
[17] P. Golle, J. Staddon, and B. Waters, "Secure conjunctive keyword search over encrypted data," in Proc. ACNS, 2004, pp. 31–45.
[18] D. Boneh and B. Waters, "Conjunctive, subset, and range queries on encrypted data," in Proc. TCC, 2007, pp. 535–554.
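Added example for Section 4.2 and submission steps 1 to 3 (not code from the paper): prefix membership verification with HMAC, where the storage node locates the range holding a query bound using only equality tests on HMAC values. The 8-bit width, SHA-256, the numericalization rule (fixed bits, a 1, then zeros), the half-open split of the domain into n+1 ranges, and all names and sample readings are assumptions of this sketch; steps 4 and 5 (encryption and transmission) are left out.

```python
import hashlib
import hmac

W = 8  # bit width of sensor readings (assumed for this example)

def range_to_prefixes(a, b, w=W):
    """Minimum set of prefixes whose union is [a, b]; prefix = (fixed_bits, k)."""
    out = []
    while a <= b:
        size = (a & -a) if a else 1 << w      # largest block aligned at a
        while a + size - 1 > b:               # shrink until it fits the range
            size >>= 1
        free = size.bit_length() - 1          # number of wildcard bits
        out.append((a >> free, w - free))
        a += size
    return out

def prefix_family(x, w=W):
    """The w+1 prefixes containing x, from x itself to the all-wildcard prefix."""
    return [(x >> free, w - free) for free in range(w + 1)]

def numericalize(prefix, w=W):
    """Map a prefix to a unique (w+1)-bit number: fixed bits, a 1, then zeros."""
    bits, k = prefix
    return ((bits << 1) | 1) << (w - k)

def encode(prefixes, key, w=W):
    """HMAC every numericalized prefix so that only equality can be tested."""
    size = (w + 8) // 8                       # bytes needed for w+1 bits
    return {hmac.new(key, numericalize(p, w).to_bytes(size, "big"),
                     hashlib.sha256).digest() for p in prefixes}

def sensor_submit(readings, key, w=W):
    """Sensor side: encode the n+1 ranges delimited by the sorted readings."""
    bounds = [0] + sorted(readings) + [1 << w]
    return [encode(range_to_prefixes(lo, hi - 1, w), key, w)
            for lo, hi in zip(bounds, bounds[1:])]

def storage_locate(encoded_ranges, encoded_value):
    """Storage node: index of the range holding the value, by set intersection."""
    return next(i for i, r in enumerate(encoded_ranges) if r & encoded_value)

KEY_G = b"constructed-demo-key"                # stands in for the shared key g
READINGS = [12, 40, 41, 200]                   # constructed sample data
SUBMITTED = sensor_submit(READINGS, KEY_G)     # what the storage node receives
QUERY_LOW = encode(prefix_family(45), KEY_G)   # sink encodes one query bound
```

A value lies in a range exactly when its prefix family and the range's prefix set share a numericalized prefix, so `storage_locate(SUBMITTED, QUERY_LOW)` finds the range of 45 without the storage node seeing 45 or any reading.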
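Added example for Section 4.3 (not code from the paper): a Merkle hash tree over readings sorted in ascending order whose root is a keyed HMAC, with the storage node producing an authentication path and the sink verifying it. It reads the path directly from the stored tree levels instead of using the stack-based traversal of Section 4.3.2; SHA-256, the leaf encoding, a power-of-two leaf count of at least two, and all names and sample readings are assumptions of this sketch.

```python
import hashlib
import hmac

def h(data):
    """Unkeyed hash used for leaves and interior nodes (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()

def inner_levels(items):
    """Every level below the root, leaves first; computable without the key."""
    level = [h(str(v).encode()) for v in sorted(items)]
    levels = [level]
    while len(level) > 2:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def keyed_root(top_pair, key):
    """Root value: HMAC over the root's two children with the sensor-sink key."""
    return hmac.new(key, top_pair[0] + top_pair[1], hashlib.sha256).digest()

def auth_path(levels, index):
    """Storage node: sibling hashes from the leaf up to the root's children."""
    path = []
    for level in levels:
        path.append(level[index ^ 1])   # sibling of the current node
        index >>= 1                     # move to the parent position
    return path

def sink_verify(item, index, path, root, key):
    """Sink: rebuild the path from one returned item and compare keyed roots."""
    node = h(str(item).encode())
    for sibling in path[:-1]:
        node = h(sibling + node) if index & 1 else h(node + sibling)
        index >>= 1
    pair = (path[-1], node) if index & 1 else (node, path[-1])
    return hmac.compare_digest(keyed_root(pair, key), root)

KEY = b"constructed-sensor-sink-key"    # constructed key shared by sensor and sink
ITEMS = [17, 3, 42, 8]                  # constructed readings; sorted: 3, 8, 17, 42
LEVELS = inner_levels(ITEMS)            # the storage node can rebuild these
ROOT = keyed_root(LEVELS[-1], KEY)      # the only tree value the sensor sends
PATH = auth_path(LEVELS, 2)             # verification object for the item 17
```

Because the root is keyed, a storage node that alters an item cannot produce a matching root, and `sink_verify` returns False for the altered item.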
