View article

In-network aggregation is an efficient and scalable distributed approach to global state approximation. However, security remains an open problem in such systems, especially when we consider dynamic network effects, such as mobility, packet loss and churn. In this paper, we consider the reseilience of the top-k aggregate to manipulation by active insider adversaries. Unfortunately, this versatile aggregation function is inherently insecure. We propose a simple, low-overhead solution to the problem of preserving aggregate integrity which leverages the principles of trusted systems. The solution we propose is generally applicable, even to the challenging problem of securing distributed aggregation in a dynamic network.