a near-optimal source location privacy scheme for wireless ... · integer linear programming modeli...

WARWICKA Near-Optimal Source Location Privacy Schemefor Wireless Sensor Networks

Matthew Bradbury and Arshad Jhumka TrustCom 2017

Outline

1. Introduction

2. Privacy and Attacker Models

3. Integer Linear Programming Model and Results

4. Near-optimal Heuristic

5. Conclusions

What is a Wireless Sensor Network?

A wireless sensor network (WSN) is a collection of computingdevices called nodes, they have:

I a short range wireless radio

I an array of sensors such as light, heat and humidity

I a simple low powered CPU

I a battery with limited power supply

Applications include:

I Tracking

I Monitoring (Environment, Assets, . . . )

What is Context Privacy?

I Privacy threats can be classified as either content-based or context-based

I Content-based threats have been widely addressed (using cryptography)

I Context-based threats are variedI Location of event sourceI Location of base stationI Time at which the event occurred

I We focus on protecting the location context of the event source

BaseStation Source

The Problem of Source Location Privacy (SLP)

Given:

I A WSN that detects valuable assets

I A node broadcasting information about an asset

Found:

I An attacker can find the source nodeby backtracking the messages sent through the network.

I So by deploying a network to monitor a valuableasset, a way has been provided for it to be captured.

The Problem:

I Panda-Hunter Game

I Difficult

Privacy Model

Aim of an SLP protocol: Prevent the attacker from capturing an asset through information theWSN leaks.

I A stationary asset cannot be protected as an attacker can perform an exhaustive search.

I A mobile asset will only stay in detection range of a WSN node for a certain amount oftime.

I The SLP problem can only be considered when it is time-bounded.

I The safety period is how long the asset will be protected for.

Attacker Model

Aim of an Attacker: to reach the source within the safety period.

The attacker:

I is present in the network

I is mobile

I has a limited range

I starts at the sink

I follows the first new packet it receives

How to Develop a Technique?

Previous approaches: Have idea → implement it → test performanceI Developed solutions have had good properties proven about them

I Optimal solutions have been found for global attackers

Better approach:Find optimal solution → create heuristic with similar output → test performance

I Performance needs to be tested as the optimal solution may not be implementable

I Optimal solution doesn’t give optimal algorithm, so some creativity is still needed todevelop a heuristic

I Can use different optimality measures to look for different solutions

Integer Linear Programming Model I

I Integer Linear Programming (ILP) allows an optimal solution to be found to certainproblems

I Express SLP-aware routing as an ILP optimisation problem

I A solution is obtained using IBM’s ILOG CPLEX

Aim to obtain the best utility for this objective function:

maximise The distance from the attacker’s final position to the source

subject to Routing Constraints ctR1 to ctR6,

Attacker Constraints ctA1 to ctA7.

(1)

Integer Linear Programming Model II

ctR1 At t = 0, no messages are broadcasted.

ctR2 From t > 0, each source node generates a message every Psrc until the safety period isreached.

ctR3 A node sends one message or no messages in a time slot.

ctR4 Once a message is broadcasted by a node it is not broadcasted by that node again.

ctR5 A node can broadcast a message only after a neighbour broadcasted that message in aprevious time slot.

ctR6 All messages sent by the source(s) must reach the sink.

Integer Linear Programming Model III

ctA1 At t = 0 the attacker moves from the attacker’s starting position to that same position.

ctA2 The attacker makes exactly one move each time slot.

ctA3 A move must be from the attacker’s current location.

ctA4 If the attacker moves to n from m at time τ , then it must be because at time τ the noden broadcasted a message.

ctA5 If the attacker receives a message that it has not previously moved in response to, thenthe attacker moves in response to that message.

ctA6 If the attacker moved in response to a message at time τ , then at no time τ ′ > τ will theattacker move in response to that message again.

ctA7 If no neighbour broadcasts a message the attacker stays where it is.

Model Result I

I Source at node 1 (top left)

I Sink at node 13 (centre)

I Attacker starts at the sink(centre)

I 9 slots per second

I 7 Messages sent

I Source Period 1 second/msg

I Safety Period of 7 seconds

Model Result II

1

142

42

50

50

51

51

54

55

55 59

59

63 63

63

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25

10

10

32

32

36

36

40

40

41

46

46

50

50

52

52

53

53

54

54

60

61

61

62

62

62

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25

19

19

46

46

54

54

54

55

55 55

57 57

57

62

62

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25

28

28

52

52 53

53

53

54

54 54

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25

37

37

46

46

47

47

50

50

52

56

56 57

57

58 58

58

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25

46

46

51

51

52

52

53

53

54

54

54

56

56

56

57

5757

61

61

62

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25

55

55

57

57

58

58

59

59

59

60

60

60

1 2 3 4 5

6 7 8 9 10

11 12 13 14 15

16 17 18 19 20

21 22 23 24 25 0 1 2 3 4 5 6 7 8 9Minimum Source Distance (hops)

0

10

20

30

40

50

60

70

Tim

e (

slots

)

4

3 51 2

6

13

1217 18 23

24 25

Inspired Heuristic

I Implementing the optimal solution requires global knowledge, so is unsuitable for a WSN.

I A heuristic was implemented instead based on these observations:

1. The routing path should go around the sink and approach from the opposite direction tothe source.

2. Some routes should take the shortest path from the source to the sink.

3. Messages should be delayed so multiple messages are grouped together.

4. Messages should be delayed as late as possible with respect to the safety period.

Routing Algorithm

1. AvoidSink: In this first stage messagesare routed around the sink.

2. Backtrack: Messages may end upattempting to go towards the sink andnot having any valid routes, so they needto backtrack.

3. ToSink: Once a message has finishedrouting to avoid the sink it needs to bedelivered to the sink.

4. FromSink: Finally, the message is sent ina starburst from the sink.

Results – Receive Ratio

Msg Group Size 1 Msg Group Size 2 Msg Group Size 3 Msg Group Size 4

0

20

40

60

80

100

11 15 21 25

Rece

ive

Ratio

(%)

Network Size

(a) Source Period 2.0 seconds

0

20

40

60

80

100

11 15 21 25

Rece

ive

Ratio

(%)

Network Size

(b) Source Period 0.25 seconds

Results – Capture Ratio


0 1 2 3 4 5 6 7 8 9

11 15 21 25

Capt

ure

Ratio

(%)

Network Size


0 1 2 3 4 5 6 7 8 9

11 15 21 25

Capt

ure

Ratio

(%)

Network Size


Results – Messages Sent per Second


0

50

100

150

200

250

300

11 15 21 25

Tota

l Mes

sage

s Se

nt p

er S

econ

d

Network Size


0

50

100

150

200

250

300

11 15 21 25

Tota

l Mes

sage

s Se

nt p

er S

econ

d

Network Size


Results – Message Latency


0 500

1000 1500 2000 2500 3000 3500 4000

11 15 21 25

Norm

al M

essa

ge L

aten

cy (m

s)

Network Size


0 500

1000 1500 2000 2500 3000 3500 4000

11 15 21 25

Norm

al M

essa

ge L

aten

cy (m

s)

Network Size


Discussion

I A different objective function could be optimised for, such as:I LatencyI Messages Sent

I High latency may make this technique unsuitable for some applicationsI for military it may be too highI for animal monitoring it should be acceptable

I Different contraints could be usedI We require delivery of all messages, some applications may not require this

I The ILP model could be extended to support other SLP techniques (e.g., fake sources)

Summary

I Presented a way to model SLP-aware routing as an ILP optimisation problem

I Obtained an optimal solution from that model

I Implemented a near-optimal heuristic based on the optimal model result

I 1% capture ratio can be achieved by trading off for a higher latency

Thank You for Listening

Any Questions?

0.0: 0.1: 0.2: 0.3: 0.4: 0.5: 0.6: 0.7: 0.8: 0.9: 0.10: 0.11: 0.12: 0.13: 0.14: 0.15: 0.16: 0.17: 0.18: 0.19: 0.20: 0.21: 0.22: 0.23: 0.24: 0.25: 0.26: 0.27: 0.28: 0.29: 0.30: 0.31: 0.32: 0.33: 0.34: 0.35: 0.36: 0.37: 0.38: 0.39: 0.40: 0.41: 0.42: 0.43: 0.44: 0.45: 0.46: 0.47: 0.48: 0.49: 0.50: 0.51: 0.52: 0.53: 0.54: 0.55: 0.56: 0.57: 0.58: 0.59: 0.60: 0.61: 0.62: 0.63: anm0: fd@rm@0:

a near-optimal source location privacy scheme for wireless ... · integer linear programming modeli...

Documents