KIPDA: K-indistinguishable privacy-preserving data aggregation in wireless sensor networks

When wireless sensor networks accumulate sensitive or confidential data, privacy becomes an important concern. Sensors are often resource-limited and power-constrained, and data aggregation is commonly used to address these issues. However, providing privacy without disrupting in-network data aggregation is challenging. Although privacy-preserving data aggregation for additive and multiplicative aggregation functions has been studied, nonlinear aggregation functions such as maximum and minimum have not been well addressed. We present KIPDA, a privacy-preserving aggregation method, which we specialize for maximum and minimum aggregation functions. KIPDA obfuscates sensitive measurements by hiding them among a set of camouflage values, enabling k-indistinguishability for data aggregation. In principle, KIPDA can be used to hide a wide range of aggregation functions, although this paper considers only maximum and minimum. Because the sensitive data are not encrypted, it is easily and efficiently aggregated with minimal in-network processing delay. We quantify the efficiency of KIPDA in terms of power consumption and time delay, studying tradeoffs between the protocol's effectiveness and its resilience against collusion.