Lin Yao,Chi Lin,Xiangwei Kong,Feng Xia,Guowei Wu

DOI: https://doi.org/10.1109/GreenCom-CPSCom.2010.109

2010-01-01

Abstract:In pervasive computing environments, Location-Based Services (LBSs) are becoming increasingly important due to continuous advances in mobile networks and positioning technologies. Nevertheless, the wide deployment of LBSs can jeopardize the location privacy of mobile users. Consequently, providing safeguards for location privacy of mobile users against being attacked is an important research issue. In this paper a new scheme for safeguarding location privacy is proposed. Our approach supports location K-anonymity for a wide range of mobile users with their own desired anonymity levels by clustering. The whole area of all users is divided into clusters recursively in order to get the Minimum Bounding Rectangle (MBR). The exact location information of a user is replaced by his MBR. Privacy analysis shows that our approach can achieve high resilience to location privacy threats and provide more privacy than users expect. Complexity analysis shows clusters can be adjusted in real time as mobile users join or leave. Moreover, the clustering algorithms possess strong robustness.

Wenyuan Xu,Zhenhua Liu

2012-01-01

Abstract:The open nature of wireless communication makes it easy for adversaries to either inject random signals to wireless channels harming the network availability, or eavesdrop on the communication breaching the location privacy. Those threats are challenging to cope with, because most of them cannot be addressed by traditional cryptographic methods. One of the attacks that can easily imperil the availability of networks is jamming attacks. An adversary can launch a jamming attack either by bypassing MAC-layer protocols and keeping sending packets, or by emitting radio signals to a particular channel. To cope with jamming attacks, in this dissertation, we focus on developing mechanisms to localize jammers. We examine how jammers affect networks in terms of signal strength, nodes' communication range, and network topologies, and present how to measure these jamming effects. To localize a jammer, we design an Adaptive Least-Squares-based (LSQ-based) algorithm which performs localization by exploiting the changes of communication range. Then, to further improve the localization accuracy, we propose an error minimizing framework that can localize not only one but also multiple jammers through utilizing the strength of jamming signals (JSS). To evaluate the effectiveness of our proposed localization schemes, we conducted real-world experiments using a testbed of MicaZ, and then carried out extensive performance studies in large-scale networks by simulation. Another problem that cannot be solved by traditional cryptographic method is the location privacy issue. We study this issue in wireless sensor network because the locations of the sink nodes are critically important to the viability of wireless networks, and such information can be easily determined by attackers. For instance, attackers can eavesdrop on the network communication at several spots and trace back to the sink nodes. Then, they can destroy the sink nodes physically to disable the data collection or dissemination. In this dissertation, we examine the sink location privacy problem from both the attack and defense sides. On the attack side, we present two types of Zeroing-In attacks which allow attackers to identify the sink location by estimating the hop count or the arrival time of a broadcast packet at a few spots in the network. To cope with the Zeroing-In attacks, we propose a directed-walk-based scheme and validate that it is effective in deceiving adversaries at modest energy costs.

C Ozturk,YY Zhang,W Trappe,M Ott

DOI: https://doi.org/10.1109/wstfes.2004.1300417

2004-01-01

Abstract:Wireless sensor networks are currently being investigated for ubiquitous computing applications. Privacy is a critical issue for these networks as adversaries may be able to eavesdrop or observe the presence of sensor data to infer information that was not intended to be revealed. The devices that constitute sensor networks are low-powered, compute-constrained devices. Any privacy solution should carefully consider the tradeoffs between supporting location-privacy and energy consumption. We explore two main classes of privacy issues: content privacy and originator location privacy. Content privacy can be maintained through conventional cryptographic methods that provide data confidentiality. We briefly discuss system design techniques that are needed to prevent an adversary from correlating observations from multiple messages to infer the content of encrypted sensor readings. We then examine the issue of protecting the originating sensor's location by studying several multihop routing mechanisms for ad hoc networks. We focus our discussion on three classes of routing protocols: the class of the shortest path routing protocols, the class offloading protocols, and a hybrid class of routing.

Mohamed M.E.A. Mahmoud,Xuemin Shen

DOI: https://doi.org/10.1109/tpds.2011.302

IF: 5.3

2012-10-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In wireless sensor networks, adversaries can make use of the traffic information to locate the monitored objects, e.g., to hunt endangered animals or kill soldiers. In this paper, we first define a hotspot phenomenon that causes an obvious inconsistency in the network traffic pattern due to the large volume of packets originating from a small area. Second, we develop a realistic adversary model, assuming that the adversary can monitor the network traffic in multiple areas, rather than the entire network or only one area. Using this model, we introduce a novel attack called Hotspot-Locating where the adversary uses traffic analysis techniques to locate hotspots. Finally, we propose a cloud-based scheme for efficiently protecting source nodes' location privacy against Hotspot-Locating attack by creating a cloud with an irregular shape of fake traffic, to counteract the inconsistency in the traffic pattern and camouflage the source node in the nodes forming the cloud. To reduce the energy cost, clouds are active only during data transmission and the intersection of clouds creates a larger merged cloud, to reduce the number of fake packets and also boost privacy preservation. Simulation and analytical results demonstrate that our scheme can provide stronger privacy protection than routing-based schemes and requires much less energy than global-adversary-based schemes.

computer science, theory & methods,engineering, electrical & electronic

Silvija Kokalj-Filipovic,Fabrice Le Fessant,Predrag Spasojevic

DOI: https://doi.org/10.48550/arXiv.1012.0378

2010-12-02

Cryptography and Security

Abstract:In the problem of location anonymity of the events exposed to a global eavesdropper, we highlight and analyze some aspects that are missing in the prior work, which is especially relevant for the quality of secure sensing in delay-intolerant applications monitoring rare and spatially sparse events, and deployed as large wireless sensor networks with single data collector. We propose an efficient scheme for generating fake network traffic to disguise the real event notification. The efficiency of the scheme that provides statistical source location anonymity is achieved by partitioning network nodes randomly into several dummy source groups. Members of the same group collectively emulate both temporal and spatial distribution of the event. Under such dummy-traffic framework of the source anonymity protection, we aim to better model the global eavesdropper, especially her way of using statistical tests to detect the real event, and to present the quality of the location protection as relative to the adversary's strength. In addition, our approach aims to reduce the per-event work spent to generate the fake traffic while, most importantly, providing a guaranteed latency in reporting the event. The latency is controlled by decoupling the routing from the fake-traffic schedule. A good dummy source group design also provides a robust protection of event bursts. This is achieved at the expense of the significant overhead as the number of dummy source groups must be increased to the reciprocal value of the false alarm parameter used in the statistical test. We believe that the proposed source anonymity protection strategy, and the evaluation framework, are well justified by the abundance of the applications that monitor a rare event with known temporal statistics, and uniform spatial distribution.

P Kamat,YY Zhang,W Trappe,C Ozturk

DOI: https://doi.org/10.1109/icdcs.2005.31

2005-01-01

Abstract:One of the most notable challenges threatening the successful deployment of sensor systems is privacy. Although many privacy-related issues can be addressed by security mechanisms, one sensor network privacy issue that cannot be adequately addressed by network security is source-location privacy. Adversaries may use RF localization techniques to perform hop-by-hop traceback to the source sensor's location. This paper provides a formal model for the source-location privacy problem in sensor networks and examines the privacy characteristics of different sensor routing protocols. We examine two popular classes of routing protocols: the class of flooding protocols, and the class of routing protocols involving only a single path from the source to the sink. While investigating the privacy performance of routing protocols, we considered the tradeoffs between location-privacy and energy consumption. We found that most of the current protocols cannot provide efficient source-location privacy while maintaining desirable system performance. In order to provide efficient and private sensor communications, we devised new techniques to enhance source-location privacy that augment these routing protocols. One of our strategies, a technique we have called phantom routing, has proven flexible and capable of protecting the source's location, while not incurring a noticeable increase in energy overhead. Further, we examined the effect of source mobility on location privacy. We showed that, even with the natural privacy amplification resulting from source mobility, our phantom routing techniques yield improved source-location privacy relative to other routing methods

Yanzhe Che,Kevin Chiew,Xiaoyan Hong,Qinming He

DOI: https://doi.org/10.1145/2442810.2442820

2012-01-01

Abstract:ABSTRACTThere is a potential privacy breach when users access various location-based social applications on a mobile social network (MSN), e.g., sharing locations with friends. To preserve location privacy, one of the most common methods is to use a coarse or fake location instead of a user's exact location. However, most of these previous approaches only provide geometric strategies without considering the semantic context of the geographical locations. For example, if a cloaked region contains a part of a lake, where no boats are allowed, an adversary can easily prune the cloaked region to a smaller range covering a user's actual location. In this paper, we propose SALS, a semantics-aware location sharing framework based on cloaking zone for an MSN environment. By considering a user's social relations and activities which are available in an MSN environment, SALS does not assume any trustworthy entities, including strangers, friends or any third parties. As a solution, SALS enables users to cooperate with each other, in a Peer-to-Peer (P2P) way, to generate the cloaking zones, which will be used instead of the actual locations. Different from the previous cloaking techniques, SALS considers the semantic location which can influence the distribution probability of a user's locations. We also propose metrics for measuring the quality of the cloaking zone. The evaluation shows that our method can well defend the semantic-location attack.

Pandurang Kamat,Wenyuan Xu,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1109/icdcs.2007.146

2009-01-01

ACM Transactions on Sensor Networks

Abstract:Although the content of sensor messages describing "events of interest" may be encrypted to provide confidentiality, the context surrounding these events may also be sensitive and therefore should be protected from eavesdroppers. An adversary armed with knowledge of the network deployment, routing algorithms, and the base-station (data sink) location can infer the temporal patterns of interesting events by merely monitoring the arrival of packets at the sink, thereby allowing the adversary to remotely track the spatio-temporal evolution of a sensed event. In this paper we introduce the problem of temporal privacy for delay-tolerant sensor networks, and propose adaptive buffering at intermediate nodes on the source-sink routing path to obfuscate temporal information from the adversary. We first present the effect of buffering on temporal privacy using an information-theoretic formulation, and then examine the effect that delaying packets has on buffer occupancy. We observe that temporal privacy and efficient buffer utilization are contrary objectives, and then present an adaptive buffering strategy that effectively manages these tradeoffs. Finally, we evaluate our privacy enhancement strategies using simulations, where privacy is quantified in terms of the adversary's mean square error.

Spachos, P.,Liang Song,Hatzinakos, D.

DOI: https://doi.org/10.1109/bsc.2010.5472946

2010-01-01

Communications

Abstract:Wireless sensor networks are designed for a plethora of applications, such as unattended event monitoring and tracking. Source-privacy is one of the looming challenges that threaten successful deployment of these sensor networks, especially when they are used to monitor sensitive objects. In order to enhance source-location privacy in wireless sensor networks, we propose the use opportunistic routing schemes. In opportunistic routing, each sensor transmits the packet over a dynamic path to the destination. Every packet from the source can follow a different path toward the destination, making it difficult for an adversary to backtrack hop-by-hop to the origin of the sensor data. In the context of providing source location privacy for wireless sensor networks, the obtained simulation results demonstrate the efficiency and suitability of opportunistic routing in practical applications.

Miao Xu,Wenyuan Xu,Jason O'Kane

DOI: https://doi.org/10.1109/MASS.2011.43

2011-01-01

Abstract:Wireless sensor networks are vulnerable to various attacks and network dynamics that can breach data privacy and harm data availability. Since those threats cannot be addressed purely by cryptography-based methods, this paper presents a data dissemination scheme that can enhance two goals: data privacy and data availability, leveraging the node location diversity presented in typical wireless sensor networks rather than relying on cryptographic techniques. We demonstrate that the message content is important to quantify the uncertainty associated with data privacy and data availability, and provide content-based definitions utilizing information states. Further, to strike the balance between two conflicting goals in an energy efficient way, we construct a spatial privacy graph based on the locations of network nodes, and use a distributed coloring scheme to ensure that any pairs of nodes whose combined data provide too much information should not send their sensed data to the same storage node. Additionally, sensor nodes selectively send data to multiple storage nodes to achieve higher availability. Our experimental results show that our scheme can achieve better data privacy and a higher level of data availability at smaller energy cost than other baseline data dissemination schemes.

Guofei Chai,Miao Xu,Wenyuan Xu,Zhiyun Lin

DOI: https://doi.org/10.1155/2012/648058

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:Due to the shared nature of wireless communication media, a powerful adversary can eavesdrop on the entire radio communication in the network and obtain the contextual communication statistics, for example, traffic volumes, transmitter locations, and so forth. Such information can reveal the location of the sink around which the data traffic exhibits distinctive patterns. To protect the sink-location privacy from a powerful adversary with a global view, we propose to achieve k-anonymity in the network so that at least k entities in the network are indistinguishable to the nodes around the sink with regard to communication statistics. Arranging the location of k entities is complex as it affects two conflicting goals: the routing energy cost and the achievable privacy level, and both goals are determined by a nonanalytic function. We model such a positioning problem as a nonlinearly constrained nonlinear optimization problem. To tackle it, we design a generic-algorithm-based quasi-optimal (GAQO) method that obtains quasi-optimal solutions at quadratic time. The obtained solutions closely approximate the optima with increasing privacy requirements. Furthermore, to solve k-anonymity sink-location problems more efficiently, we develop an artificial potential-based quasi-optimal (APQO) method that is of linear time complexity. Our extensive simulation results show that both algorithms can effectively find solutions hiding the sink among a large number of network nodes.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Yi Ouyang,Zhengyi Le,Guanling Chen,James Ford,Fillia Makedon

DOI: https://doi.org/10.1109/wowmom.2006.40

2006-01-01

Abstract:Sensor networks are used in a variety of application areas for diverse problems from habitat monitoring to military tracking. Whenever they are used to monitor sensitive objects, the privacy of monitored objects' locations becomes an important concern. When a sensor reports a monitored object by sending a series of messages through the sensor network, the route these messages take in theory creates a trail leading back to their source. By eavesdropping on communications, an attacker may be able to move from node to node to follow this trail. Several approaches aimed at discouraging this kind of eavesdropping have been proposed, including mechanisms for constructing "phantom" routes and approaches that insert fake sources as background noise. A problem with existing approaches is that message latencies become larger and energy costs become higher as a result of introducing protections for the privacy of a source location. This paper proposes a new cyclic entrapment method (CEM) that protects source locations in sensor networks while adding a comparatively low cost in terms of additional message latency and energy

Petros Spachos,Liang Song,Francis M. Bui,Dimitrios Hatzinakos

DOI: https://doi.org/10.1109/iscc.2011.5983942

2011-01-01

Abstract:Wireless sensor networks (WSN) can be an attractive solution for a plethora of communication applications, such as unattended event monitoring and tracking. One of the looming challenges that threaten the successful deployment of these sensor networks is source-location privacy, especially when a network is deployed to monitor sensitive objects. In order to enhance source location privacy in sensor networks, we propose the use of an opportunistic mesh networking scheme and examine four different approaches. Each approach has different selection criteria for the next relay node. In opportunistic mesh networks, each sensor transmits the packet over a dynamic path to the destination. Every packet from the source can therefore follow a different path toward the destination, making it difficult for an adversary to backtrack hop-by-hop to the origin of the sensor communication.

Celal Öztürk,Yanyong Zhang,Wade Trappe

DOI: https://doi.org/10.1145/1029102.1029117

2004-01-01

Abstract:As sensor-driven applications become increasingly integrated into our lives, issues related to sensor privacy will become increasingly important. Although many privacy-related issues can be addressed by security mechanisms, one sensor network privacy issue that cannot be adequately addressed by network security is confidentiality of the source sensor's location. In this paper, we focus on protecting the source's location by introducing suitable modifications to sensor routing protocols to make it difficult for an adversary to backtrack to the origin of the sensor communication. In particular, we focus on the class of flooding protocols. While developing and evaluating our privacy-aware routing protocols, we jointly consider issues of location-privacy as well as the amount of energy consumed by the sensor network. Motivated by the observations, we propose a flexible routing strategy, known as phantom routing, which protects the source's location. Phantom routing is a two-stage routing scheme that first consists of a directed walk along a random direction, followed by routing from the phantom source to the sink. Our investigations have shown that phantom routing is a powerful technique for protecting the location of the source during sensor transmissions.

Zongqing Lu,Yonggang Wen

DOI: https://doi.org/10.1109/mass.2012.6502514

2012-01-01

Abstract:Source-location privacy became one of major issues due to the open nature of wireless sensor networks. The adversary can eavesdrop and trace the message movements so as to capture the source. In the paper, first we propose Credit routing to provide the source-location privacy protection. Credit routing is able to route the message within the assigned credit at each message and randomize the routing path. Unlike other location privacy protection schemes in WSN, Credit routing not only can provide strong protection but also precisely control the transmission cost of each message. Then, we propose Hybrid credit routing, which routes the message to the receiver through three phases: totally random walk, forwarding random walk and credit random walk. These phases provide tri-fold protection to prevent the source from being captured by the adversary. We evaluate our proposed schemes based on several metrics including safe period, latency and protection efficiency. The simulation results show that Credit is able to provide the strong and efficient protection compared with other schemes including Phantom, LPR and RRIN. It is also shown Hybrid improves the protection strength and efficiency even further. The performance of Credit and Hybrid can be tuned by the assigned credit. For real application, the credit can be the real power consumption for forwarding the message from the source to the sink. So both Credit and Hybrid can be used to precisely control the power consumption for source-location protection.

Wei Tan,Ke Xu,Dan Wang

DOI: https://doi.org/10.1109/JIOT.2014.2346813

IF: 10.6

2014-01-01

IEEE Internet of Things Journal

Abstract:In the application field using sensor networks to monitor valuable asset, source-location anonymity is a serious concern. As a series of event packets are reported to the base station, adversaries eavesdropping on the network can backtrack to the source through traffic analysis and the RF localization techniques. This leakage of contextual information will expose sensitive or precious objects and bring down the effectiveness of sensor networks. Existing techniques such as phantom routing or source simulation are proposed to discourage the adversaries, both of which trade energy for security. In this paper, we propose a new scheme, called path extension method (PEM), providing strong protection for source-location privacy. It performs quite well even though an object occurs near the base station, while other methods cannot protect the source well in this case. In PEM, fake sources are generated dynamically after the source sends event messages to the base station, which makes it much more flexible. Fake sources form several fake paths in the network and an adversary will be induced farther away from the source if it is entrapped by any of them. The theoretical and simulation results show that PEM is efficient in protecting source-location privacy with minimal message delivery delay and acceptable overhead.

Fengyin Li,Pei Ren,Guoyu Yang,Yuhong Sun,Yilei Wang,Yanli Wang,Siyuan Li,Huiyu Zhou

DOI: https://doi.org/10.1155/2021/6670847

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Advances in machine learning (ML) in recent years have enabled a dizzying array of applications such as data analytics, autonomous systems, and security diagnostics. As an important part of the Internet of Things (IoT), wireless sensor networks (WSNs) have been widely used in military, transportation, medical, and household fields. However, in the applications of wireless sensor networks, the adversary can infer the location of a source node and an event by backtracking attacks and traffic analysis. The location privacy leakage of a source node has become one of the most urgent problems to be solved in wireless sensor networks. To solve the problem of source location privacy leakage, in this paper, we first propose a proxy source node selection mechanism by constructing the candidate region. Secondly, based on the residual energy of the node, we propose a shortest routing algorithm to achieve better forwarding efficiency. Finally, by combining the proposed proxy source node selection mechanism with the proposed shortest routing algorithm based on the residual energy, we further propose a new, anonymous communication scheme. Meanwhile, the performance analysis indicates that the anonymous communication scheme can effectively protect the location privacy of the source nodes and reduce the network overhead.

Fillia S. Makedon,Yi Ouyang

DOI: https://doi.org/10.1349/ddlp.3308

2008-01-01

Abstract:Sensor networks are used in many realtime applications for collecting information from monitored environments and objects, such as moving vehicle tracking, battlefield reconnaissance, and habitat monitoring. Sensor networks are often deployed in applications that involve humans. Whenever people become actively involved, privacy concerns become more important. Protecting privacy means preventing private and sensitive information from being compromised. Protecting privacy focuses on preventing both intentional and unintentional leakage of private information in public data. Before public data can be made publicly available, there need to be mechanisms that either obscure private information derivable from it or restrict access to it. Because of the open medium of wireless sensor networks, data transmitted in the network can easily be eavesdropped by adversaries. Data collected by sensor networks are often used by someone other than the people who participate in the sensor networks. All these properties of sensor networks make privacy concerns more urgent. In this thesis, we discuss the privacy issues in sensor network applications and propose several methods to mitigate the leakage of private information in sensor networks applications.In sensor network applications, privacy includes both communication privacy and information privacy. Communication privacy means the privacy of both parties to communications in the network, such as protection of their identities. Information privacy means private information in the data being transmitted in the network, such as location information. In this thesis, we propose multiple methods to address both the communication privacy problem and the information privacy problem. Performance of these algorithms is analyzed through theoretical analysis and evaluated by experiments.

Yajun Yang,Hong Gao,Jianzhong Li,Shengfei Shi

2013-01-01

Abstract:A technical problem central to wireless sensor networks is location verification: how to accurately detect sensors' location information that are damaged or deliberately compromised. The need for this is evident in, e.g., battleground surveillance, where compromised sensors may incur severe damage. Previous approaches to tackling this problem are mostly centralized: a sensor node is designated as the sink, which collects location information from all nodes, conducts analysis and detects possible attacks. These, however, have to bear with prolonged response time, high energy consumption and low reliability. This paper proposes a novel location verification scheme named LPV. In contrast to previous approaches, LPV is distributed: the falsified locations of sensors are detected by conducting evaluation analysis on information of their neighboring nodes. We show that in LPV, it suffices to detect malicious nodes when each sensor only collects the information of neighboring nodes within one hops. Another advantage of LPV is, it consider the impact of localization error. We proposed a kernel-based approach that approximates the distribution of the localization results. We evaluate the correctness of distribution to detect localization attack. We verify, via formal analysis and experimental study in various settings, that LPV has performance comparable to centralized approaches in accurately identifying falsified sensors with higher reliability.