Celal Öztürk,Yanyong Zhang,Wade Trappe

DOI: https://doi.org/10.1145/1029102.1029117

2004-01-01

Abstract:As sensor-driven applications become increasingly integrated into our lives, issues related to sensor privacy will become increasingly important. Although many privacy-related issues can be addressed by security mechanisms, one sensor network privacy issue that cannot be adequately addressed by network security is confidentiality of the source sensor's location. In this paper, we focus on protecting the source's location by introducing suitable modifications to sensor routing protocols to make it difficult for an adversary to backtrack to the origin of the sensor communication. In particular, we focus on the class of flooding protocols. While developing and evaluating our privacy-aware routing protocols, we jointly consider issues of location-privacy as well as the amount of energy consumed by the sensor network. Motivated by the observations, we propose a flexible routing strategy, known as phantom routing, which protects the source's location. Phantom routing is a two-stage routing scheme that first consists of a directed walk along a random direction, followed by routing from the phantom source to the sink. Our investigations have shown that phantom routing is a powerful technique for protecting the location of the source during sensor transmissions.

P Kamat,YY Zhang,W Trappe,C Ozturk

DOI: https://doi.org/10.1109/icdcs.2005.31

2005-01-01

Abstract:One of the most notable challenges threatening the successful deployment of sensor systems is privacy. Although many privacy-related issues can be addressed by security mechanisms, one sensor network privacy issue that cannot be adequately addressed by network security is source-location privacy. Adversaries may use RF localization techniques to perform hop-by-hop traceback to the source sensor's location. This paper provides a formal model for the source-location privacy problem in sensor networks and examines the privacy characteristics of different sensor routing protocols. We examine two popular classes of routing protocols: the class of flooding protocols, and the class of routing protocols involving only a single path from the source to the sink. While investigating the privacy performance of routing protocols, we considered the tradeoffs between location-privacy and energy consumption. We found that most of the current protocols cannot provide efficient source-location privacy while maintaining desirable system performance. In order to provide efficient and private sensor communications, we devised new techniques to enhance source-location privacy that augment these routing protocols. One of our strategies, a technique we have called phantom routing, has proven flexible and capable of protecting the source's location, while not incurring a noticeable increase in energy overhead. Further, we examined the effect of source mobility on location privacy. We showed that, even with the natural privacy amplification resulting from source mobility, our phantom routing techniques yield improved source-location privacy relative to other routing methods

Pandurang Kamat,Wenyuan Xu,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1109/icdcs.2007.146

2009-01-01

ACM Transactions on Sensor Networks

Abstract:Although the content of sensor messages describing "events of interest" may be encrypted to provide confidentiality, the context surrounding these events may also be sensitive and therefore should be protected from eavesdroppers. An adversary armed with knowledge of the network deployment, routing algorithms, and the base-station (data sink) location can infer the temporal patterns of interesting events by merely monitoring the arrival of packets at the sink, thereby allowing the adversary to remotely track the spatio-temporal evolution of a sensed event. In this paper we introduce the problem of temporal privacy for delay-tolerant sensor networks, and propose adaptive buffering at intermediate nodes on the source-sink routing path to obfuscate temporal information from the adversary. We first present the effect of buffering on temporal privacy using an information-theoretic formulation, and then examine the effect that delaying packets has on buffer occupancy. We observe that temporal privacy and efficient buffer utilization are contrary objectives, and then present an adaptive buffering strategy that effectively manages these tradeoffs. Finally, we evaluate our privacy enhancement strategies using simulations, where privacy is quantified in terms of the adversary's mean square error.

Spachos, P.,Liang Song,Hatzinakos, D.

DOI: https://doi.org/10.1109/bsc.2010.5472946

2010-01-01

Communications

Abstract:Wireless sensor networks are designed for a plethora of applications, such as unattended event monitoring and tracking. Source-privacy is one of the looming challenges that threaten successful deployment of these sensor networks, especially when they are used to monitor sensitive objects. In order to enhance source-location privacy in wireless sensor networks, we propose the use opportunistic routing schemes. In opportunistic routing, each sensor transmits the packet over a dynamic path to the destination. Every packet from the source can follow a different path toward the destination, making it difficult for an adversary to backtrack hop-by-hop to the origin of the sensor data. In the context of providing source location privacy for wireless sensor networks, the obtained simulation results demonstrate the efficiency and suitability of opportunistic routing in practical applications.

Miao Xu,Wenyuan Xu,Jason O'Kane

DOI: https://doi.org/10.1109/MASS.2011.43

2011-01-01

Abstract:Wireless sensor networks are vulnerable to various attacks and network dynamics that can breach data privacy and harm data availability. Since those threats cannot be addressed purely by cryptography-based methods, this paper presents a data dissemination scheme that can enhance two goals: data privacy and data availability, leveraging the node location diversity presented in typical wireless sensor networks rather than relying on cryptographic techniques. We demonstrate that the message content is important to quantify the uncertainty associated with data privacy and data availability, and provide content-based definitions utilizing information states. Further, to strike the balance between two conflicting goals in an energy efficient way, we construct a spatial privacy graph based on the locations of network nodes, and use a distributed coloring scheme to ensure that any pairs of nodes whose combined data provide too much information should not send their sensed data to the same storage node. Additionally, sensor nodes selectively send data to multiple storage nodes to achieve higher availability. Our experimental results show that our scheme can achieve better data privacy and a higher level of data availability at smaller energy cost than other baseline data dissemination schemes.

Petros Spachos,Liang Song,Francis M. Bui,Dimitrios Hatzinakos

DOI: https://doi.org/10.1109/iscc.2011.5983942

2011-01-01

Abstract:Wireless sensor networks (WSN) can be an attractive solution for a plethora of communication applications, such as unattended event monitoring and tracking. One of the looming challenges that threaten the successful deployment of these sensor networks is source-location privacy, especially when a network is deployed to monitor sensitive objects. In order to enhance source location privacy in sensor networks, we propose the use of an opportunistic mesh networking scheme and examine four different approaches. Each approach has different selection criteria for the next relay node. In opportunistic mesh networks, each sensor transmits the packet over a dynamic path to the destination. Every packet from the source can therefore follow a different path toward the destination, making it difficult for an adversary to backtrack hop-by-hop to the origin of the sensor communication.

Guofei Chai,Miao Xu,Wenyuan Xu,Zhiyun Lin

DOI: https://doi.org/10.1155/2012/648058

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:Due to the shared nature of wireless communication media, a powerful adversary can eavesdrop on the entire radio communication in the network and obtain the contextual communication statistics, for example, traffic volumes, transmitter locations, and so forth. Such information can reveal the location of the sink around which the data traffic exhibits distinctive patterns. To protect the sink-location privacy from a powerful adversary with a global view, we propose to achieve k-anonymity in the network so that at least k entities in the network are indistinguishable to the nodes around the sink with regard to communication statistics. Arranging the location of k entities is complex as it affects two conflicting goals: the routing energy cost and the achievable privacy level, and both goals are determined by a nonanalytic function. We model such a positioning problem as a nonlinearly constrained nonlinear optimization problem. To tackle it, we design a generic-algorithm-based quasi-optimal (GAQO) method that obtains quasi-optimal solutions at quadratic time. The obtained solutions closely approximate the optima with increasing privacy requirements. Furthermore, to solve k-anonymity sink-location problems more efficiently, we develop an artificial potential-based quasi-optimal (APQO) method that is of linear time complexity. Our extensive simulation results show that both algorithms can effectively find solutions hiding the sink among a large number of network nodes.

Yanfei Fan,Jiming Chen,Xiaodong Lin,Xuemin Shen

DOI: https://doi.org/10.1109/GLOCOM.2010.5683317

2010-01-01

Abstract:Privacy threat is a very serious issue in multi-hop wireless networks (MWNs) since open wireless channels are vulnerable to malicious attacks. Source unobservability is an attractive and desirable security property for many privacy-sensitive applications, and dummy messages are most commonly used to achieve this property. However, dummy messages may incur severe performance degradation or even service denial due to the explosion of network traffic. In this paper, we propose a novel scheme, called SUNC (Source Unobservability by Network Coding), to prevent traffic explosion while achieving source unobservability. With SUNC, specially designed dummy messages can be absorbed at intermediate nodes, and, thus, traffic explosion can be naturally prevented. In addition, SUNC can offer forwarder blindness, which is an important privacy property for thwarting internal attackers. Security analysis and performance evaluation demonstrate the efficacy and efficiency of the proposed SUNC.

Wenyuan Xu,Zhenhua Liu

2012-01-01

Abstract:The open nature of wireless communication makes it easy for adversaries to either inject random signals to wireless channels harming the network availability, or eavesdrop on the communication breaching the location privacy. Those threats are challenging to cope with, because most of them cannot be addressed by traditional cryptographic methods. One of the attacks that can easily imperil the availability of networks is jamming attacks. An adversary can launch a jamming attack either by bypassing MAC-layer protocols and keeping sending packets, or by emitting radio signals to a particular channel. To cope with jamming attacks, in this dissertation, we focus on developing mechanisms to localize jammers. We examine how jammers affect networks in terms of signal strength, nodes' communication range, and network topologies, and present how to measure these jamming effects. To localize a jammer, we design an Adaptive Least-Squares-based (LSQ-based) algorithm which performs localization by exploiting the changes of communication range. Then, to further improve the localization accuracy, we propose an error minimizing framework that can localize not only one but also multiple jammers through utilizing the strength of jamming signals (JSS). To evaluate the effectiveness of our proposed localization schemes, we conducted real-world experiments using a testbed of MicaZ, and then carried out extensive performance studies in large-scale networks by simulation. Another problem that cannot be solved by traditional cryptographic method is the location privacy issue. We study this issue in wireless sensor network because the locations of the sink nodes are critically important to the viability of wireless networks, and such information can be easily determined by attackers. For instance, attackers can eavesdrop on the network communication at several spots and trace back to the sink nodes. Then, they can destroy the sink nodes physically to disable the data collection or dissemination. In this dissertation, we examine the sink location privacy problem from both the attack and defense sides. On the attack side, we present two types of Zeroing-In attacks which allow attackers to identify the sink location by estimating the hop count or the arrival time of a broadcast packet at a few spots in the network. To cope with the Zeroing-In attacks, we propose a directed-walk-based scheme and validate that it is effective in deceiving adversaries at modest energy costs.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Zhenhua Liu,Wenyuan Xu

DOI: https://doi.org/10.1007/s11276-011-0403-2

IF: 2.701

2011-01-01

Wireless Networks

Abstract:The viability and success of wireless sensor networks critically hinge on the ability of a small number of sinks to glean sensor data throughout the networks. Thus, the locations of sinks are critically important. In this paper, we examine the sink location privacy problem from both the attack and defense perspectives. First, we examine resource-constrained adversaries who can only eavesdrop the network at their vicinities. To determine the sink location, they can launch a Zeroing-In attack by leveraging the fact that several network metrics are 2-dimensional functions in the plane of the network, and their values minimize at the sink. Thus, determining the sink location is equivalent to finding the minima of those functions. We demonstrate that by obtaining the hop counts or the arrival time of a broadcast packet at a few spots in the network, the adversaries are able to determine the sink location with the accuracy of one radio range, which is sufficient to disable the sink by launching jamming attacks, for example. To cope with the Zeroing-In attacks, we present a directed-walk-based routing scheme and show that the defense strategy is effective in deceiving adversaries at little energy costs.

Zhenhua Liu,Wenyuan Xu

DOI: https://doi.org/10.1145/1741866.1741883

2010-01-01

Abstract:The locations of base stations are critically important to the viability of wireless sensor networks. In this paper, we examine the location privacy problem from both the attack and defense sides. We start by examining adversaries targeting at identifying the sink location using minimum amount of resources. In particular, they launch a Zeroing-In attack lever-aging the fact that several network metrics are 2-dimensional functions in the plane of the network and their values minimize at the sink. Thus, determining the sink locations is equivalent to finding the minima of those functions. We have shown that by obtaining the hop counts or the arrival time of a broadcast packet at a few spots in the network, the adversaries are able to determine the sink location with the accuracy of one radio range, sufficient to disable the sink by launching jamming attacks. To cope with the Zeroing-In attacks, we have proposed a directed-walk-based scheme and validated that the defense strategy is effective in deceiving adversaries at little energy costs.

Yanzhe Che,Qinming He,Xiaoyan Hong,Kevin Chiew

DOI: https://doi.org/10.1002/dac.2650

2013-01-01

International Journal of Communication Systems

Abstract:While enjoying various LBS location-based services, users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer-to-peer P2P networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x-region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x-region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x-region, together with three algorithms for generating an x-region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.

Mohamed M.E.A. Mahmoud,Xuemin Shen

DOI: https://doi.org/10.1109/tpds.2011.302

IF: 5.3

2012-10-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In wireless sensor networks, adversaries can make use of the traffic information to locate the monitored objects, e.g., to hunt endangered animals or kill soldiers. In this paper, we first define a hotspot phenomenon that causes an obvious inconsistency in the network traffic pattern due to the large volume of packets originating from a small area. Second, we develop a realistic adversary model, assuming that the adversary can monitor the network traffic in multiple areas, rather than the entire network or only one area. Using this model, we introduce a novel attack called Hotspot-Locating where the adversary uses traffic analysis techniques to locate hotspots. Finally, we propose a cloud-based scheme for efficiently protecting source nodes' location privacy against Hotspot-Locating attack by creating a cloud with an irregular shape of fake traffic, to counteract the inconsistency in the traffic pattern and camouflage the source node in the nodes forming the cloud. To reduce the energy cost, clouds are active only during data transmission and the intersection of clouds creates a larger merged cloud, to reduce the number of fake packets and also boost privacy preservation. Simulation and analytical results demonstrate that our scheme can provide stronger privacy protection than routing-based schemes and requires much less energy than global-adversary-based schemes.

computer science, theory & methods,engineering, electrical & electronic

Zongqing Lu,Yonggang Wen

DOI: https://doi.org/10.1109/mass.2012.6502514

2012-01-01

Abstract:Source-location privacy became one of major issues due to the open nature of wireless sensor networks. The adversary can eavesdrop and trace the message movements so as to capture the source. In the paper, first we propose Credit routing to provide the source-location privacy protection. Credit routing is able to route the message within the assigned credit at each message and randomize the routing path. Unlike other location privacy protection schemes in WSN, Credit routing not only can provide strong protection but also precisely control the transmission cost of each message. Then, we propose Hybrid credit routing, which routes the message to the receiver through three phases: totally random walk, forwarding random walk and credit random walk. These phases provide tri-fold protection to prevent the source from being captured by the adversary. We evaluate our proposed schemes based on several metrics including safe period, latency and protection efficiency. The simulation results show that Credit is able to provide the strong and efficient protection compared with other schemes including Phantom, LPR and RRIN. It is also shown Hybrid improves the protection strength and efficiency even further. The performance of Credit and Hybrid can be tuned by the assigned credit. For real application, the credit can be the real power consumption for forwarding the message from the source to the sink. So both Credit and Hybrid can be used to precisely control the power consumption for source-location protection.

Xiaoyu Ji,Wenjun Zhu,Shilin Xiao,Wenyuan Xu

DOI: https://doi.org/10.1038/s44287-024-00073-2

2024-01-01

Abstract:Sensors are extensively used in the Internet of Things (IoT) applications, enhancing daily convenience but also raising concerns about privacy leakage. To address this, we advocate for protecting data privacy at the moment it is generated by sensors, rather than trying to secure it afterwards.

Fengyin Li,Pei Ren,Guoyu Yang,Yuhong Sun,Yilei Wang,Yanli Wang,Siyuan Li,Huiyu Zhou

DOI: https://doi.org/10.1155/2021/6670847

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Advances in machine learning (ML) in recent years have enabled a dizzying array of applications such as data analytics, autonomous systems, and security diagnostics. As an important part of the Internet of Things (IoT), wireless sensor networks (WSNs) have been widely used in military, transportation, medical, and household fields. However, in the applications of wireless sensor networks, the adversary can infer the location of a source node and an event by backtracking attacks and traffic analysis. The location privacy leakage of a source node has become one of the most urgent problems to be solved in wireless sensor networks. To solve the problem of source location privacy leakage, in this paper, we first propose a proxy source node selection mechanism by constructing the candidate region. Secondly, based on the residual energy of the node, we propose a shortest routing algorithm to achieve better forwarding efficiency. Finally, by combining the proposed proxy source node selection mechanism with the proposed shortest routing algorithm based on the residual energy, we further propose a new, anonymous communication scheme. Meanwhile, the performance analysis indicates that the anonymous communication scheme can effectively protect the location privacy of the source nodes and reduce the network overhead.

Silvija Kokalj-Filipovic,Fabrice Le Fessant,Predrag Spasojevic

DOI: https://doi.org/10.48550/arXiv.1012.0378

2010-12-02

Cryptography and Security

Abstract:In the problem of location anonymity of the events exposed to a global eavesdropper, we highlight and analyze some aspects that are missing in the prior work, which is especially relevant for the quality of secure sensing in delay-intolerant applications monitoring rare and spatially sparse events, and deployed as large wireless sensor networks with single data collector. We propose an efficient scheme for generating fake network traffic to disguise the real event notification. The efficiency of the scheme that provides statistical source location anonymity is achieved by partitioning network nodes randomly into several dummy source groups. Members of the same group collectively emulate both temporal and spatial distribution of the event. Under such dummy-traffic framework of the source anonymity protection, we aim to better model the global eavesdropper, especially her way of using statistical tests to detect the real event, and to present the quality of the location protection as relative to the adversary's strength. In addition, our approach aims to reduce the per-event work spent to generate the fake traffic while, most importantly, providing a guaranteed latency in reporting the event. The latency is controlled by decoupling the routing from the fake-traffic schedule. A good dummy source group design also provides a robust protection of event bursts. This is achieved at the expense of the significant overhead as the number of dummy source groups must be increased to the reciprocal value of the false alarm parameter used in the statistical test. We believe that the proposed source anonymity protection strategy, and the evaluation framework, are well justified by the abundance of the applications that monitor a rare event with known temporal statistics, and uniform spatial distribution.

Ju Ren,Yaoxue Zhang,Kang Liu

DOI: https://doi.org/10.1155/2013/834245

IF: 1.938

2013-01-01

International Journal of Distributed Sensor Networks

Abstract:While many protocols for sensor network security provide confidentiality for message content, contextual information usually remains exposed, which can be critical to the mission of the sensor network. In this paper, we propose an energy-efficient cyclic diversionary routing (CDR) scheme against global eavesdroppers for preserving location privacy and maximizing lifetime of wireless sensor networks (WSNs). To ensure no impact on lifetime of WSNs, we minimize the energy consumption of hotspots and generate abundant diversionary routing paths in areas far from sink. To enhance the location privacy preservation, we theoretically figure out the probability of the cyclic interference routings in different areas of the network and statistically achieve an energy consumption balance in the entire network. Analysis and simulation results show that CDR significantly improves the security in source-location privacy preservation without reducing the network lifetime.

Wei Tan,Ke Xu,Dan Wang

DOI: https://doi.org/10.1109/JIOT.2014.2346813

IF: 10.6

2014-01-01

IEEE Internet of Things Journal

Abstract:In the application field using sensor networks to monitor valuable asset, source-location anonymity is a serious concern. As a series of event packets are reported to the base station, adversaries eavesdropping on the network can backtrack to the source through traffic analysis and the RF localization techniques. This leakage of contextual information will expose sensitive or precious objects and bring down the effectiveness of sensor networks. Existing techniques such as phantom routing or source simulation are proposed to discourage the adversaries, both of which trade energy for security. In this paper, we propose a new scheme, called path extension method (PEM), providing strong protection for source-location privacy. It performs quite well even though an object occurs near the base station, while other methods cannot protect the source well in this case. In PEM, fake sources are generated dynamically after the source sends event messages to the base station, which makes it much more flexible. Fake sources form several fake paths in the network and an adversary will be induced farther away from the source if it is entrapped by any of them. The theoretical and simulation results show that PEM is efficient in protecting source-location privacy with minimal message delivery delay and acceptable overhead.