Wireless Sensor Networks (WSN) have emerged as a pivotal technology in many application areas such as environmental monitoring, IoT, military applications, and healthcare. These networks consist of spatially distributed, autonomous sensors that cooperatively monitor physical or environmental conditions, such as temperature, sound, or pollution levels. The unique characteristics of WSNs, including their resource constraints (e.g., energy, memory, and computational capacity), make them vulnerable to various security threats. Information security in WSNs is crucial to ensure the confidentiality, integrity, and availability of the data they collect and transmit. As these wireless sensors collect and share data, they ensure the security and privacy of transmitted information becomes critical. In recent years, with an increasing emphasis on security, there has been a growing interest in Multi-Party Computation (MPC). MPC allows multiple parties to compute a joint function over their inputs while keeping those inputs private. The SPDZ protocol is among the most prominent and influential secure computation protocols. While the initial SPDZ protocol and its successor, SPDZ-2, have shown promising results, there were still challenges related to performance, scalability, and overall security. This paper presents a newly developed protocol named SD-SPDZ (Sensor Data SPDZ). The proposed protocol is based on MPC SPDZ-2 protocol and proposes changes to increase the performance in the preprocessing phase by implementing a new algorithm for the Beaver triples calculation. This protocol enhances the privacy-preserving attributes and eficiency of its predecessors. SD-SPDZ integrates advanced cryptographic techniques, ofering a more robust and scalable solution for secure computations in WSNs. The primary benefits include reduced communication overhead, faster computation times, and improved resistance against various cyberattacks. The integration of SD-SPDZ in WSNs could improve performance sensitively and change the way sensor data is securely processed in sensor networks. It provides a promising pathway to ensure that as technology advances, the integrity and confidentiality of the data in these networks remain uncompromised. In summary, as WSNs play an increasingly critical role in modern-day applications, the need for advanced highperformance security mechanisms such as the SD-SPDZ protocol becomes more evident. This combination of cutting-edge, high-performance, secure computation with wireless sensor networks promise a future where data can be both globally accessible and privately computed, bridging the gap between performance and privacy.
Wireless Sensor Networks (WSN) [
tional power and memory [
Stream Ciphers: Focus on processing data bit-by-bit,
requiring minimal memory [
Public Key Cryptography: Though resource-intensive,
they can be optimized for specific tasks like initial key
exchange [
Multi-Party Computation: Multi-Party Computation
(MPC) [
without revealing those inputs to each other.
The main benefits of the MPC based encryption protocols are: In the area of the existing approaches, protocols, and
Privacy: Ensures that individual inputs remain secret algorithms used to reduce the encrypted
communicafrom other participants. tion overhead in WSNs the following is commonly used
Correctness: Guarantees that the output is correct even nowadays: BGW Protocol: The Beimel, Malkin, and
Miif some participants behave maliciously. cali (BGW) protocol [
This essential in some WSN’s as: in the area of secure multi-party computation. SPDZ can Secure voting systems where voters want to compute be viewed as a descendant of the BGW protocol, where the result without revealing individual votes; both focus on achieving security against a malicious adMilitary applications; versary.
Collaborative data analysis in medical research where TinyOT: An eficient protocol [
With the rising proliferation of the Internet of Things MASCOT: A follow-up to SPDZ, MASCOT introduces
(IoT) and the widespread deployment of sensor networks a more eficient method [
To understand the peculiarities and constraints of sen- MP-SPDZ: provides a complete implementation of
sor data. To evaluate existing encryption methodologies SPDZ2k [
Characteristics of Sensor Data BMR. Beaver and colleagues introduced a method [
Challenges in Sensor Data Encryption Yao’s Garbled Circuits. Bellare and co-authors
showcased a version of Yao’s garbled circuits optimized for
• Resource Limitations: Sensors often have con- DES-NI, which is the standard DES execution on
contemstrained processing capabilities, energy, and mem- porary processors [
troduce additional latency or payload. • Diverse Deployment: Sensors can be found in 2.1. SPDZ and SPDZ-2 Encryption hostile environments, making them susceptible Protocols Overview to physical attacks.
are generated where = × . During the online phase, given shares of values and that need to be multiplied, the protocol proceeds as:
Compute = ∑︁
=1 . = − = − .
guarantees and practical eficiency. SPDZ facilitates secure computation among multiple parties as connected sensor modules, ensuring that individual inputs remain private.
and eficient consistency checks, SPDZ-2 reduces the number of rounds of communication, which is especially beneficial in settings with many parties. To ensure consistency of shares and validity of the triples, MACs (Message Authentication Codes) are utilized.
The preprocessing phase is made more eficient, leading to faster overall computation times. At the same time, when applied to wireless sensor networks, the SPDZ-2 protocol can still exhibit considerable communication overhead. Sensor networks have bandwidth constraints, limited battery life, and operate in high-latency environments, making communication eficiency crucial.
tially distributed autonomous devices that cooperatively monitor physical or environmental conditions.
Applying the SPDZ-2 protocol in WSN enables secure collaborative data processing without revealing individual sensor readings.
For a WSN with n sensor nodes, let each node i have a private value . The goal is to compute a function (1, 2, . . . , ) securely.
A sensor node’s private value is split into additive secret shares distributed among other nodes such that: = ∑︁ =1 ℎ
× = + × + × + ×
In the online phase both values and where are computed as: = ∑︁
=1 , = ∑︁
=1 + = ∑︁ =1 ( + )
Beaver’s triple, multiplication can be securely performed as outlined above.
The SPDZ protocol also integrates zero-knowledge proofs to ensure correctness without revealing individual inputs or intermediate results.
Mathematically, SPDZ employs techniques from linear secret-sharing schemes to ensure zero-knowledge properties.
(, , ) where = × .
Calculate and open Sensor nodes verify the validity of MACs without reveal- The SPDZ-2 protocol, when applied to sensor networks, ing their private values. still has a significant communication overhead. This is especially problematic for wireless sensor networks, Communication Model in WSN which may have limited bandwidth or be subjected to high-latency communication environments. (9) (10) (11) (12)
Node Failures
Solution: Employ error-correcting codes for share recovery and design the protocol to be resilient to node dropouts.
Security Considerations
In WSN, the threat model may difer, with concerns of node capture or eavesdropping. The security of SPDZ-2 in such a model ensures: • Privacy: Individual sensor readings are kept con
ifdential. • Integrity: The outcome of the computation is cor
rect even if some nodes are malicious.
3.1. Sensor Data Communication Overhead in the SPDZ-2 Protocol and = − , = − , to all nodes. Each node locally computes × = + × + × + × .
MACs (Message Authentication Codes) [
In WSN, sensor nodes can be viewed as parties in the MPC. Each node can hold a piece of the secret (i.e., its measurement) and wants to perform computations without revealing its exact measurement to others.
1, 2, . . . , : (1, 2, . . . , ) = ∑︁ =1 ().
(13)
tributed manner without revealing individual values.
Bandwidth Constraint
Solution: Use compact secret sharing schemes and optimize communication patterns, possibly adopting hierarchical sensor node structures where cluster heads manage intra-cluster communication.
Energy Constraint
Solution: Minimize interactive rounds in the protocol and consider energy-eficient cryptographic operations. Asynchronous operations can be adapted to allow nodes to enter low-energy states when not actively participating.
The communication overhead in the SPDZ protocol primarily arises from: • Calculation, sharing and, reconstructing values in the preprocessing phase. • Exchanging values during the online phase for operations like multiplication using Beaver’s triples. • Zero-knowledge proofs ensure honesty and correctness.
aggregate or summarize their data. For instance, instead of sending individual readings, sensors can send averages or other statistical summaries over a time window.
Group multiple operations together, especially during the preprocessing phase. This can help amortize the cost of generating and distributing values like Beaver’s triples over multiple operations.
Instead of running individual proofs for each operation, consider batched or aggregated proofs that can cover multiple operations at once.
Implement secret sharing schemes that are tailored for sensor networks. These can focus on minimizing the number of shares or using techniques like errorcorrecting codes to handle lost or delayed shares without retransmission.
Employ data compression algorithms to reduce the size Function FixedKey_DDESES_Encrypt(input_block): of the transmitted data. This can be especially efective // Define a fixed key; this remains constant. if sensor readings or intermediate values in the SPDZ FIXED_KEY = "32-byte key derived protocol have redundancy or predictable patterns. from a secure process"
Instead of all-to-all communication, consider using relay nodes or hierarchical structures where a subset of // Use DES encryption with the fixed key. sensors aggregates data and communicates with other ciphertext = DES_Encrypt(FIXED_KEY, groups, reducing the total communication across the net- input_block) work. return ciphertext
Instead of continuous computation, synchronize the End Function computation in intervals. This allows for more batched operations and fewer real-time communication require- Function FixedKey_DES_Decrypt(ciphertext): ments. Reducing the communication overhead in the // Define the same fixed key. SPDZ protocol when applied to sensor networks requires FIXED_KEY = "32-byte key derived from a combination of algorithmic optimizations, architectural a secure process" considerations, and leveraging domain-specific knowl- // Use DES decryption with the fixed key. edge of sensor data. Implementing the above strategies plaintext = DES_Decrypt(FIXED_KEY, can significantly enhance the eficiency of the SPDZ pro- ciphertext) tocol in sensor environments. return plaintext
The current paper focuses on the algorithms related to End Function reducing the communication overhead in the preprocessing phase of the SPZD-2 protocol. One of the possible The FIXED_KEY should be securely generated, preferways to reduce the communication overhead in the pre- ably using a cryptographically secure random number processing phase of the SPDZ protocol in WSNs is to use generator, and then kept constant for all future operatechnique such Fixed-key block ciphers. tions. Storing cryptographic keys securely is essential.
Fixed-key block ciphers [
Standard Block Cipher: A standard block cipher can this would typically be 128 bits (or 16 bytes). For the be denoted as: same input, the output will always be the same since the key remains constant. : {0, 1} × { 0, 1} → {0, 1} (14) Since block ciphers are permutations for a given key, the process is reversible. If you know the fixed key, you where is the encryption function. The first parameter is can decrypt any ciphertext produced by the fixed-key a key of length bits. The second parameter is a plaintext block cipher to retrieve the original input. block of length bits. The output is a ciphertext block In the context of secure multi-party computation of length bits. For a given key and plaintext , the (SMPC), fixed-key block ciphers can be used to produce encryption is denoted as correlated randomness between parties or derive other types of structured randomness eficiently.
= (, ) (15) One notable application is in the generation of "obliviFixed-Key Block Cipher: When we talk about a ous pseudorandom functions" (OPRFs) where one party ifxed-key block cipher, the key remains constant. This learns the output of a PRF on a specific input without can be represented as: the other party learning anything about the input or the output. : {0, 1} → {0, 1}
(16) where is a predefined constant key. For any input block , the output is (, ).
With the key fixed, a block cipher behaves like a pseu- Beaver triples and fixed-key block ciphers are both techdorandom permutation (PRP) over the set of -bit strings. niques used within the realm of secure multi-party comThis means that for every input , there is a unique out- putation (SMPC). While they serve diferent primary put , and the relationship appears random unless you functions and can sometimes be complementary, they can know the fixed key. also be seen as alternative techniques in specific settings.
Primarily used for securely computing multiplication Generation of : Each party generates a random
in SMPC protocols, Beaver triples [
These triples allow parties to perform multiplication on = () (17) secret-shared values without revealing their actual in- and broadcast it. The shared value is the sum of the puts. values.
The generation of Beaver triples can be computation- Generation of : Each party generates a random ally intensive, especially in protocols that require a large value . Each party computes: number of such triples. However, once generated, they make the online phase of the computation faster. Used = () (18) widely in SMPC protocols like SPDZ and its variants. and broadcast it. The shared value is the sum of the They are fundamental for protocols that rely on secret values. sharing and require multiplication operations. Generation of : The shared value = × is
Beaver Triples ofer strong security guarantees when computed. However, instead of interacting to verify the generated correctly. Their security relies on the fact that correctness of this multiplication, the sensor modules the triples are random and independent of the inputs on can use the fact that they have encryption of the values which they will be used. and . They can derive the product of the encrypted
Fixed-Key Block Ciphers: Used to generate certain values, given the properties of the fixed-key block cipher types of correlated randomness in SMPC. A fixed-key and the determinism of their chosen function. This step block cipher is a pseudo-random function where the key avoids the need for complex interactive proofs, hence remains constant. Given the same input, it will always removing the original need for Beaver triples. produce the same output, but changing even one bit of the input will produce a substantially diferent output.
Typically, block ciphers are relatively eficient,
especially in hardware implementations. Using them to
produce correlated randomness can sometimes be more
eficient than generating Beaver triples, depending on the
protocol and context. Often used in oblivious
pseudorandom function (OPRF) [
The security here typically depends on the underlying block cipher’s robustness and resistance against cryptographic attacks. If a cryptographically secure block cipher is used, the fixed-key variant can provide strong security guarantees for its purpose. function generate_triples_using_block_cipher(): # a-values a_i = random_value() A_i = Encrypt_with_fixed_key(key_i, a_i) broadcast(A_i) a = sum_of_broadcasted_A_values # b-values b_i = random_value() B_i = Encrypt_with_fixed_key(key_i, b_i) broadcast(B_i) b = sum_of_broadcasted_B_values # Compute c using encrypted values and # properties of the block cipher c= compute_all_A_values, all_B_values) return (a, b, c) 3.2. Reducing the Sensor Data
Communication Overhead in the
SD-SPDZ Protocol
triple generation in the SPDZ preprocessing phase is an advanced topic in secure multi-party computation, and this approach is at the core of the new proposed SD-SPDZ protocol. Lab environment
The idea behind this technique is to use block ciphers, like DES, to deterministically generate shared random- The lab environment consists of a cluster-based sensor ness, which can be used to produce Beaver triples. network consisting of five sensor modules based on NUCs The high-level approach for this is: Gigabyte and control center shown in the picture below: Key Generation: Each party selects a secret key for The testing software is implemented in each sensor the block cipher (e.g., DES). module and at the cluster head (CH). The experimental
Beaver triple generation using Fixed-Key Block Ci- results are shown in the table below which describes the phers: average time in seconds to compute 10.000 triples in a WSN cluster consisting of five sensor nodes:
ing phase compared to the standard SPDZ protocol with Beaver triples and reduces the sensor data communication overhead. However, it assumes that the fixed-key block cipher has certain properties that make this method secure and that the encryption/decryption operations are performed in a secure manner.
SD-SPDZ (Sensor Data SPDZ). The proposed protocol is based on MPC SPDZ-2 protocol and proposes changes to increase the performance in the preprocessing phase by implementing a new algorithm for the Beaver triples calculation.
This protocol enhances the privacy-preserving attributes and eficiency of its predecessors. SD-SPDZ integrates advanced cryptographic techniques, ofering a more robust and scalable solution for secure computations in WSNs. The primary benefits include reduced communication overhead, faster computation times, and improved resistance against various cyberattacks.
performance sensitively and change the way sensor data is securely processed in sensor networks. It provides a promising pathway to ensure that as technology advances, the integrity and confidentiality of the data in these networks remain uncompromised.
In summary, as WSNs play an increasingly critical role in modern-day applications, the need for advanced high-performance security mechanisms such as the SDSPDZ protocol becomes more evident. This combination of cutting-edge, high-performance, secure computation with wireless sensor networks promises a future where data can be both globally accessible and privately computed, bridging the gap between performance and privacy.