Enhancing Source-Location Privacy in Sensor Network Routing

P.Kamat, Y. Zhang, W. Trappe, C. OzturkIn Proceedings of the 25th IEEE International Conference on Distributed Computing Systems

Natalia Stakhanovacs610

Sensor networks

Security threats concerns with data security

necessity to protect content of the data packages transferred through the network

privacy threats associated with sensors devices necessity to secure the transmission of the data,

for ex. location of the sensor node providing particular information

Presented work addresses this issue

Example: pander-hunter game

Sensors are monitoring the habitat of pandas once panda is observed - the information is

reported to the base station hunter desires to capture panda

Assumptions one panda, one hunter and one base station hunter is equipped with rich memory and

power resources and is able to identify the immediate sender knowing signal strength and the angle of the arrived message

Privacy metrics

the safety period number of messages initiated by the

sensor monitoring the panda.

the capture likelihood the probability that hunter can

capture panda within a specified time period.

Considered routing protocols

Two baseline techniques flooding

message is broadcasted to all neighbors single-path routing

message is routed to one of the neighbors

Improvements for these techniques each technique is associated with

behavioral hunter model

Performance: baseline routing protocols

Patient hunter model

• hunter waits at the base station for message • moves to the immediate sender of that message• repeats until reaches the source node

• The safety period is the same as the length of the shortest routing path.

single-path routing

flooding

• The capture likelihood is high with single source routing, much lower with probabilistic routing

Improvement: routing with fake sources

introduce new sources that inject fake messages into the network

two challenges: How to chose fake source Rate of fake messaging

Routing with fake sources

Fake source source is h hops away, sends message to the

sink sink sends a message into opposite direction once message reached node in h hops away

from sink it becomes a fake source

Rate of fake messaging Slow rate →hunter finds the real source fast

At the rate of the real messaging → hunter struggles between fake and real source

High rate → hunter is kept at the fake source

fake source

real source

Performance: routing with fake sources

Fast speed of fake messaging provides good privacy!

… But it won’t work for more sophisticated hunter

Perceptive hunter model

• hunter is able to detect deception • for ex. can keep the history of visited nodes

Improvement: phantom routing

Introduces two phases: random walk

message is routed in random fashion for h hops

flooding/single-path routing

after h hops message is routed using baseline technique

Random walk

Flooding

Phantom routing: further improvement

Pure random walk might not be efficient → directed random walk

a sector based directed random walk each node partitions neighbors into two sets

S1, S2 (for ex. east/west) if message is sent to node in S1, then every

node forwards it to the neighbors in set S1 only

a hop-based directed random walk must know the hop count between sink and all

nodes partition node into 2 sets: with hop count <

mine and > mine

Performance: phantom routing

Safety period for phantom single-source routing is higher than for phantom flooding

single-path routing

flooding

Why: • probability in single-source

routing that message will intersect hunter’s path is small

• in flooding this probability is still large

Performance: phantom routing

The capture likelihood - number of transmissions per message increases linearly for both techniques

single-path routing

flooding

However • Safety period increase is

more dramatic • So combined -> more

privacy

Performance: phantom routing

Caution hunter model hunter limits its listening time at node after timeout hunter returns to the previous node

However … does not provide more benefits hunter does not make much progress towards the real

source Safety period is higher, while capture likelihood is lower

Privacy in mobile sensor network

Mobility adds privacy Fast moving panda alone is sufficient to

provide source privacy using single-source routing

In phantom routing the privacy increases

Conclusion

Majority of the research efforts are focused on data security

There are some works on protecting privacy associated with network devices not appropriate for sensor networks

This is one of the first efforts to address sensor location privacy in sensor network

???