Sensor Node/ Sink Hiding (Privacy) : Syed Safdar Ali Shah FA11-PCS-004
Agenda
Motivations; Overview (Security factors); Techniques; Problem Statement
Motivations
Privacy in a network consists not only of the privacy of the message content but also of the privacy of the source and destination locations.
Applications like military surveillance and target tracking give adversaries an incentive to eavesdrop on network traffic to obtain valuable intelligence. The adversary may decide to deploy his own set of sensor nodes to monitor the communication in the target network.
Type of Techniques
Techniques
Source Privacy; Destination Privacy
Source Privacy
PROTECTING LOCATION PRIVACY IN SENSOR NETWORKS AGAINST A GLOBAL EAVESDROPPER [3] [Thesis]
The technique prevents leakage of the location information of monitored objects. Two techniques that provide location privacy for destinations: Periodic collection method: every sensor node independently and periodically sends packets at a reasonable frequency, regardless of whether there is real data to send or not.
Continued [3]
Backbone flooding approach: Packets are sent to a connected portion of the network, the backbone, instead of sending them only to a few randomly scattered destinations. Only the sensors that belong to this backbone, the backbone members, need to flood the packets so that all the sensors in the communication range of the backbone can receive them. The real destinations are located in the communication range of at least one backbone member.
The flooding technique [4] requires a source node to send out each packet through numerous paths to a destination to make it difficult for an adversary to trace the source. The problem is that the destination will still receive packets from the shortest path first. The adversary can thus quickly trace the source node using backtracking. This method consumes a significant amount of energy without providing much privacy in return.
Cyclic entrapment [6] creates looping paths at various places in the sensor network. This causes a local adversary to follow these loops repeatedly and thereby increases the safety period. The energy consumption and the privacy provided by this method both increase as the length of the loops increases.
Towards event source unobservability with minimum network traffic in sensor networks [7]
Yang et al. propose to use proxies for the location privacy of monitored objects under a global eavesdropper [7]. The network is partitioned into cells, where sensors in each cell communicate with the nearest proxy. Each cell sends traffic that follows an exponential distribution to its nearest proxy. The traffic will include dummy packets if real packets are not available. The proxies filter out dummy packets and send the data to the destination. All packets are appropriately encrypted so that the adversary is not able to distinguish between real and dummy packets.
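The cell-to-proxy cover traffic described above, as an added sketch that is not code from Yang et al. or from these slides. The function names, the rate, the horizon and the event times are constructed for illustration; the sketch models one cell, with encryption assumed and not implemented.

```python
import random
from collections import deque

def cell_schedule(event_times, rate, horizon, seed):
    """Simulate one cell's transmissions to its proxy.

    Send instants come from exponential inter-send gaps drawn from the
    RNG alone, never from event_times, so on-air timing does not depend
    on whether a monitored object is present.
    Returns (send_times, kinds, delays).
    """
    rng = random.Random(seed)
    pending = deque(sorted(event_times))   # real readings waiting for a slot
    sends, kinds, delays = [], [], []
    t = rng.expovariate(rate)
    while t < horizon:
        if pending and pending[0] <= t:
            # A real reading rides in the next scheduled slot.
            delays.append(t - pending.popleft())
            kinds.append("real")
        else:
            # Nothing to report: fill the slot with a dummy packet.
            kinds.append("dummy")
        sends.append(t)
        t += rng.expovariate(rate)
    return sends, kinds, delays

def proxy_filter(kinds):
    """Proxy side: keep only the slots that carried real data."""
    return [i for i, kind in enumerate(kinds) if kind == "real"]

def on_air_view(sends):
    """Global eavesdropper's view: timestamps only (payloads are encrypted)."""
    return [round(t, 6) for t in sends]

# Constructed sample input: a burst of three readings, then two isolated ones.
EVENTS = [10.0, 10.5, 11.0, 50.0, 120.0]

if __name__ == "__main__":
    quiet = cell_schedule([], rate=1.0, horizon=200.0, seed=7)
    busy = cell_schedule(EVENTS, rate=1.0, horizon=200.0, seed=7)
    print("same on-air timing:", on_air_view(quiet[0]) == on_air_view(busy[0]))
    print("real packets forwarded by proxy:", len(proxy_filter(busy[1])))
    print("mean reporting delay:", sum(busy[2]) / len(busy[2]))
```

The reporting delay in the last line is the price of this scheme: a real reading waits for the next scheduled slot, so a lower send rate saves energy but increases latency.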
Jian et al. proposed the location privacy routing protocol (LPR) for destination location privacy [10]. The LPR algorithm provides privacy to the destination with the help of redundant hops and fake packets when data is sent to the destination. Each time a packet is forwarded to the next hop, the packet may move either closer to or away from the destination. Along with the real data packets, sensors may generate fake packets that travel away from the destination to confuse the adversary.
Preserving Source-Location Privacy in Wireless Sensor Network using STaR Routing [11]
Two-phase process. First, the source node randomly selects an intermediate node in the sensor domain and routes the message to that random intermediate node. The random intermediate node serves as a fake source when the message is forwarded to the SINK node. The random intermediate node is located in a pre-determined region around the SINK node. We call this region the Sink Toroidal Region (STaR). In the second phase, the intermediate node forwards the message to the SINK node by single-path routing.
Destination Privacy
Deng et al. also presented four techniques to protect the location privacy of the destination from a local eavesdropper who is capable of carrying out time correlation and rate monitoring [9].
1. [9]
First, they propose a multiple parents routing scheme in which, for each packet, a sensor node selects one of its parents randomly and forwards the packet to that parent. This makes the traffic pattern between the source and the destination more dispersed than in schemes where all the packets travel through the same sequence of nodes.
2. [9]
The second technique uses controlled random walk, random fake paths, and hot spots. The controlled random walk technique adds a random walk to the multiple parents routing scheme, causing the traffic pattern to be more spread out and hence less vulnerable to rate monitoring. The random fake path technique is introduced to confuse an adversary tracking a packet as it moves towards the destination, mitigating time correlation attacks.
3. [9]
In the differential fractal propagation (DFP) technique, whenever a node transmits a real packet, its neighbor node generates a fake packet. This fake packet travels a configured number of hops to confuse the adversary.
4. [9]
High-activity local areas, called hot spots, are created in the WSN. If such an area receives a packet, the packet has a high probability of traveling through the same sequence of nodes, creating an area of high activity. A local eavesdropper may be deceived into believing that this area is close to a destination. However, a global eavesdropper can notice that only some packets generated by real objects pass through these hot spots and conclude that the destination may not necessarily be close to those hot spots.
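The traffic-dispersion effect of multiple parents routing (technique 1 above), as an added simulation that is not code from Deng et al. or from these slides. The 9x9 grid, the one-report-per-node-per-round workload, the use of the first-listed parent as the single-path baseline, and all function names are assumptions made for illustration.

```python
import random
from collections import Counter, deque

def hop_counts(width, height, sink):
    """BFS hop distance from every grid node to the sink."""
    dist = {sink: 0}
    queue = deque([sink])
    while queue:
        x, y = queue.popleft()
        for nxt in ((x + 1, y), (x - 1, y), (x, y + 1), (x, y - 1)):
            if 0 <= nxt[0] < width and 0 <= nxt[1] < height and nxt not in dist:
                dist[nxt] = dist[(x, y)] + 1
                queue.append(nxt)
    return dist

def parents(node, dist):
    """Neighbours exactly one hop closer to the sink, in a fixed order."""
    x, y = node
    cands = ((x + 1, y), (x - 1, y), (x, y + 1), (x, y - 1))
    return [n for n in cands if dist.get(n) == dist[node] - 1]

def relay_load(width, height, sink, rounds, multi_parent, seed=1):
    """Count transmissions per node when every node reports once per round."""
    rng = random.Random(seed)
    dist = hop_counts(width, height, sink)
    load = Counter()
    for _ in range(rounds):
        for src in dist:
            node = src
            while node != sink:
                load[node] += 1
                options = parents(node, dist)
                # Multiple parents: pick a parent at random for each packet.
                # Baseline: always the same parent, i.e. one fixed path.
                node = rng.choice(options) if multi_parent else options[0]
    return load

def busiest_share(load):
    """Fraction of all transmissions made by the single busiest node."""
    return max(load.values()) / sum(load.values())

if __name__ == "__main__":
    single = relay_load(9, 9, (4, 4), rounds=100, multi_parent=False)
    multi = relay_load(9, 9, (4, 4), rounds=100, multi_parent=True)
    print("busiest node share, single parent:  ", round(busiest_share(single), 4))
    print("busiest node share, multiple parents:", round(busiest_share(multi), 4))
    print("same total cost:", sum(single.values()) == sum(multi.values()))
```

Both schemes use shortest paths, so the total number of transmissions is identical; only the concentration changes. The sink's direct neighbours still carry every packet between them, which is the residual rate signal the random walk and fake path techniques target.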
Lifetime Bounds of Wireless Sensor Networks Preserving Perfect Sink Unobservability [12]
All nodes, including the base station, equalize the values of their total incoming and outgoing flows as well as their energy expenditure. This way, no information about the sink location is revealed even when all communication within the network is monitored.
A scheme based on local flooding by the source and a greedy random walk of the sink is proposed to protect the location privacy of mobile sinks in sensor networks. Sensors do not know any information about the sink location; data are forwarded by local flooding and stored at pass nodes in the network. The sink moves in a greedy random walk to collect data from the local nodes occasionally, which prevents attackers from predicting its location and movements.
Problem Statement [12]
WSNs could be an invaluable asset for improving homeland security. As a motivating example, we consider a WSN application for securing railway tracks and oil and natural gas pipelines, where sensor nodes are positioned on a line. Since the base station is a natural target for rendering the network ineffective with the minimum resources expended, countermeasures against attacks that seek to locate the base station need to be developed.
References
[2] Protecting Location Privacy Through Path Confusion
[3] Protecting Location Privacy in Sensor Networks Against a Global Eavesdropper
[4] Source-location privacy in energy constrained sensor network routing
[5] Enhancing source-location privacy in sensor network routing
[6] Entrapping adversaries for source protection in sensor networks
[7] Towards event source unobservability with minimum network traffic in sensor networks
[8] Enhancing base station security in wireless sensor networks
[9] Decorrelating wireless sensor network traffic to inhibit traffic analysis attacks
[10] Protecting receiver-location privacy in wireless sensor networks
[11] Preserving Source-Location Privacy in Wireless Sensor Network using STaR Routing
[12] Lifetime Bounds of Wireless Sensor Networks Preserving Perfect Sink Unobservability
[13] Preserving Mobile-Sink-Location Privacy in Wireless Sensor Networks
[14] Protecting the sink location privacy in wireless sensor networks
[15]