On practical privacy-preserving fault-tolerant data aggregation

  • Krzysztof GriningEmail author
  • Marek Klonowski
  • Piotr Syga
Regular Contribution


In this paper, we propose a fault-tolerant privacy-preserving data aggregation protocol which utilizes limited local communication between nodes. As a starting point, we analyze the Binary Protocol presented by Chan et al. Comparing to previous work, their scheme guaranteed provable privacy of individuals and could work even if some number of users refused to participate. In our paper we demonstrate that despite its merits, their method provides unacceptably low accuracy of aggregated data for a wide range of assumed parameters and cannot be used in majority of real-life systems. To show this we use both analytic and experimental methods. On the positive side, we present a precise data aggregation protocol that provides provable level of privacy even when facing massive failures of nodes. Moreover, our protocol requires significantly less computation (limited exploiting of heavy cryptography) than most of currently known fault-tolerant aggregation protocols and offers better security guarantees that make it suitable for systems of limited resources (including sensor networks). Most importantly, our protocol significantly decreases the error (compared to Binary Protocol). However, to obtain our result we relax the model and allow some limited communication between the nodes. Our approach is a general way to enhance privacy of nodes in networks that allow such limited communication, i.e., social networks, VANETs or other IoT appliances. Additionally, we conduct experiments on real data (Facebook social network) to compare our protocol with protocol presented by Chan et al.


Data aggregation Differential privacy Fault tolerance Distributed systems Untrusted aggregator 


  1. 1.
    Beimel, A.: Secret-sharing schemes: a survey. In: Proceedings of the Third International Conference on Coding and Cryptology, IWCC’11, pp. 11–46. Springer, Berlin (2011)Google Scholar
  2. 2.
    Benaloh, J.C.: Secret sharing homomorphisms: keeping shares of a secret secret. In: Advances in Cryptology. Springer, Berlin (1987)Google Scholar
  3. 3.
    Benhamouda, F., Joye, M., Libert, B.: A new framework for privacy-preserving aggregation of time-series data. ACM Trans. Inf. Syst. Secur. (TISSEC) 18(3), 10 (2016)CrossRefGoogle Scholar
  4. 4.
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, pp. 103–112. ACM, New York, NY (1988)Google Scholar
  5. 5.
    Caliskan, M., Graupner, D., Mauve, M.: Decentralized discovery of free parking places. In: Proceedings of the 3rd International Workshop on Vehicular Ad Hoc Networks, VANET ’06, pp. 30–39. ACM, New York, NY (2006)Google Scholar
  6. 6.
    Chan, H., Perrig, A., Przydatek, B., Song, D.: Sia: Secure information aggregation in sensor networks. J. Comput. Secur. 15(1), 69–102 (2007)CrossRefGoogle Scholar
  7. 7.
    Chan, T.-H.H., Shi, E., Song, D.: Optimal lower bound for differentially private multi-party aggregation. IACR Cryptology ePrint Archive 2012:373, informal publication (2012)Google Scholar
  8. 8.
    Chan, T.-H. H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Keromytis, A.D. (ed.) Financial Cryptography, volume 7397 of Lecture Notes in Computer Science, pp. 200–214. Springer, Berlin (2012)Google Scholar
  9. 9.
    Corrigan-Gibbs, H., Boneh, D.: Prio: private, robust, and scalable computation of aggregate statistics. In: NSDI, pp. 259–282 (2017)Google Scholar
  10. 10.
    Cynthia Dwork: Differential privacy: a survey of results. In: TAMC, pp. 1–19 (2008)Google Scholar
  11. 11.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, March 4–7, 2006, Proceedings, pp. 265–284. New York, NY (2006)Google Scholar
  12. 12.
    Dwork, C., Roth, A.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9(3–4), 211–407 (2014)MathSciNetGoogle Scholar
  13. 13.
    Emura, K.: Privacy-preserving aggregation of time-series data with public verifiability from simple assumptions. In: Australasian Conference on Information Security and Privacy, pp. 193–213. Springer, Berlin (2017)Google Scholar
  14. 14.
    Feng, Y., Tang, S., Dai, G.: Fault tolerant data aggregation scheduling with local information in wireless sensor networks. Tsinghua Sci. Technol. 16(5), 451–463 (2011)CrossRefGoogle Scholar
  15. 15.
    Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.F.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) Topics in Cryptology–CT-RSA 2004, The Cryptographers’ Track at the RSA Conference 2004, San Francisco, CA, USA, February 23–27, 2004, Proceedings, volume 2964 of Lecture Notes in Computer Science, pp. 163–178. Springer, Berlin (2004)Google Scholar
  17. 17.
    Gomulkiewicz, M., Klonowski, M., Kutylowski, M.: Onions based on universal re-encryption–anonymous communication immune against repetitive attack. In: Lim, C.H., Yung, M. (ed.) Information Security Applications, 5th International Workshop, WISA 2004, Jeju Island, Korea, August 23–25, 2004, Revised Selected Papers, volume 3325 of Lecture Notes in Computer Science, pp 400–410. Springer, Berlin (2004)Google Scholar
  18. 18.
    Han, Q., Du, S., Ren, D., Zhu, H.: SAS: a secure data aggregation scheme in vehicular sensing networks. In: Proceedings of IEEE International Conference on Communications, ICC 2010, Cape Town, South Africa, 23–27 May 2010, pp 1–5. IEEE, New York (2010)Google Scholar
  19. 19.
    He, W., Liu, X., Nguyen, H., Nahrstedt, K.: A cluster-based protocol to enforce integrity and preserve privacy in data aggregation. In: ICDCS Workshops, pp. 14–19. IEEE Computer Society, New York (2009)Google Scholar
  20. 20.
    Heinzelman, W.R., Kulik, J., Balakrishnan, H.: Adaptive protocols for information dissemination in wireless sensor networks. In: Proceedings of the 5th Annual ACM/IEEE International Conference on Mobile Computing and Networking, MobiCom ’99, pages 174–185, ACM, New York, NY (1999)Google Scholar
  21. 21.
    Hermann. SOTIS–a self-organizing traffic information system. In: Proceedings of the IEEE Vehicular Technology Conference Spring, pp. 2442–2246 (2003)Google Scholar
  22. 22.
    Janson, S., Luczak, T., Rucinski, A.: Random Graphs. Wiley, New York (2011)Google Scholar
  23. 23.
    Jawurek, M., Kerschbaum, F.: Fault-tolerant privacy-preserving statistics. In: Fischer-Hubner, S., Wright, M. (eds.) Privacy Enhancing Technologies, volume 7384 of Lecture Notes in Computer Science, pp. 221–238. Springer, Berlin (2012)Google Scholar
  24. 24.
    Jawurek, M., Kerschbaum, F., Danezis, G.: Sok: Privacy Technologies for Smart Grids–ASurvey of Options. Microsoft Res, Cambridge (2012)Google Scholar
  25. 25.
    Jhumka, A., Bradbury, M., Saginbekov, S.: Efficient fault-tolerant collision-free data aggregation scheduling for wireless sensor networks. J. Parallel Distrib. Comput. 74(1), 1789–1801 (2014)CrossRefGoogle Scholar
  26. 26.
    Joye, M.: Cryptanalysis of a privacy-preserving aggregation protocol. IEEE Trans. Dependable Secure Comput. 14(6), 693–694 (2017)CrossRefGoogle Scholar
  27. 27.
    Joye, M., Libert, B.: A scalable scheme for privacy-preserving aggregation of time-series data. In: International Conference on Financial Cryptography and Data Security, pp. 111–125. Springer, Berlin (2013)Google Scholar
  28. 28.
    Larrea, M., Martin, C., Astrain, J.J.: Hierarchical and fault-tolerant data aggregation in wireless sensor networks. In: 2nd International Symposium on Wireless Pervasive Computing, 2007. ISWPC ’07 (2007)Google Scholar
  29. 29.
    Leontiadis, I., Elkhiyaoui, K., Molva, R.: Private and dynamic time-series data aggregation with trust relaxation. In: International Conference on Cryptology and Network Security, pp 305–320. Springer, Berlin (2014)Google Scholar
  30. 30.
    Leontiadis, I., Elkhiyaoui, K., Önen, M., Molva, R.: Puda–privacy and unforgeability for data aggregation. In: International Conference on Cryptology and Network Security, pp. 3–18. Springer, Berlin (2015)Google Scholar
  31. 31.
    Leskovec, J., Krevl, A.: SNAP Datasets: Stanford Large Network Dataset Collection (2014).
  32. 32.
    Madden, S., Franklin, M.J., Hellerstein, J.M., Hong, W.: Tag: A tiny aggregation service for ad-hoc sensor networks. SIGOPS Oper. Syst. Rev. 36(SI), 131–146 (2002)CrossRefGoogle Scholar
  33. 33.
    McAuley, J.J., Leskovec, J.: Learning to discover social circles in ego networks. In: NIPS, volume 2012, pp. 548–56 (2012)Google Scholar
  34. 34.
    Mironov, I., Pandey, O., Reingold, O., Vadhan, S.P.: Computational differential privacy. In: 29th Annual International Cryptology Conference Advances in Cryptology–CRYPTO 2009, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp. 126–142 (2009)Google Scholar
  35. 35.
    Mohanty, S., Jena, D.: Secure data aggregation in vehicular-adhoc networks: a survey. Proced. Technol. 6, 922–929 (2012). 2nd International Conference on Communication, Computing and Security [ICCCS-2012]CrossRefGoogle Scholar
  36. 36.
    Nadeem, T., Dashtinezhad, S., Liao, C., Iftode, L.: Trafficview: traffic data dissemination using car-to-car communication. SIGMOBILE Mob. Comput. Commun. Rev. 8(3), 6–19 (2004)CrossRefGoogle Scholar
  37. 37.
    Papadopoulos, S., Kiayias, A., Papadias, D.: Exact in-network aggregation with integrity and confidentiality. IEEE Trans. Knowl. Data Eng. 24(10), 1760–1773 (2012)CrossRefGoogle Scholar
  38. 38.
    PDA: Privacy-preserving data aggregation in wireless sensor networks (2007)Google Scholar
  39. 39.
    Pinelis, I.: Characteristic function of the positive part of a random variable and related results, with applications. Stat. Probab. Lett. 106, 281–286 (2015)MathSciNetCrossRefGoogle Scholar
  40. 40.
    Rastogi, V., Nath, S.: Differentially private aggregation of distributed time-series with transformation and encryption. In: Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data, SIGMOD ’10, pp. 735–746, ACM, New York, NY (2010)Google Scholar
  41. 41.
    Rivas, D.A., Barceló-Ordinas, J.M., Zapata, M.G., Morillo-Pozo, J.D.: Security on VANETs: privacy, misbehaving nodes, false information and secure data aggregation. J. Netw. Comput. Appl. 34(6), 1942–1955 (2011)CrossRefGoogle Scholar
  42. 42.
    Rottondi, C., Verticale, G., Krauss, C.: Distributed privacy-preserving aggregation of metering data in smart grids. IEEE J. Sel. Areas Commun. (JSAC)–JSAC Smart Grid Commun. Ser. 31, 1342–1354 (2013)CrossRefGoogle Scholar
  43. 43.
    Roy, S., Conti, M., Setia, S., Jajodia, S.: Secure data aggregation in wireless sensor networks: filtering out the attacker’s impact. Trans. Info. For. Sec. 9(4), 681–694 (2014)CrossRefGoogle Scholar
  44. 44.
    Shi, E., Chow, R., Chan, T.-H.H., Song, D., Rieffel, E.: Privacy-preserving aggregation of time-series data. In: In NDSS (2011)Google Scholar
  45. 45.
    Wischhof, L., Ebner, A., Rohling, H.: Information dissemination in self-organizing intervehicle networks. IEEE Trans. Intell. Transp. Syst. 6(1), 90–101 (2005)CrossRefGoogle Scholar
  46. 46.
    WolframResearch. Hypergeometric2F1. From WolframResearch (2011).

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Krzysztof Grining
    • 1
    Email author
  • Marek Klonowski
    • 1
  • Piotr Syga
    • 1
  1. 1.Department of Computer Science, Faculty of Fundamental Problems of TechnologyWroclaw University of Science and TechnologyWroclawPoland

Personalised recommendations