Towards event source unobservability with minimum network traffic in sensor networks

Sensors deployed to monitor the surrounding environment report such information as event type, location, and time when a real event of interest is detected. An adversary may identify the real event source through eavesdropping and traffic analysis. Previous work has studied the source location privacy problem under a local adversary model. In this work, we aim to provide a stronger notion: event source unobservability, which promises that a global adversary cannot know whether a real event has ever occurred even if he is capable of collecting and analyzing all the messages in the network at all the time. Clearly, event source unobservability is a desirable and critical security property for event monitoring applications, but unfortunately it is also very difficult and expensive to achieve for resource-constrained sensor network. Our main idea is to introduce carefully chosen dummy traffic to hide the real event sources in combination with mechanisms to drop dummy messages to prevent explosion of network traffic. To achieve the latter, we select some sensors as proxies that proactively filter dummy messages on their way to the base station. Since the problem of optimal proxy placement is NP-hard, we employ local search heuristics. We propose two schemes (i) Proxy-based Filtering Scheme (PFS) and (ii) Tree-based Filtering Scheme (TFS) to accurately locate proxies. Simulation results show that our schemes not only quickly find nearly optimal proxy placement, but also significantly reduce message overhead and improve message delivery ratio. A prototype of our scheme was implemented for TinyOS-based Mica2 motes.

[1]  Sencun Zhu,et al.  pDCS: Security and Privacy Support for Data-Centric Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[2]  Donggang Liu,et al.  Attack-resistant location estimation in sensor networks , 2005, IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005..

[3]  Xiaoyan Hong,et al.  ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks , 2003, MobiHoc '03.

[4]  Peter Palfrader,et al.  Mixmaster protocol --- version 2 , 2000 .

[5]  Leonard Kleinrock,et al.  Queueing Systems: Volume I-Theory , 1975 .

[6]  Weisong Shi,et al.  Preserving source location privacy in monitoring-based wireless sensor networks , 2006, Proceedings 20th IEEE International Parallel & Distributed Processing Symposium.

[7]  Bart Preneel,et al.  Taxonomy of Mixes and Dummy Traffic , 2004, International Information Security Workshops.

[8]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[9]  Rajmohan Rajaraman,et al.  Analysis of a local search heuristic for facility location problems , 2000, SODA '98.

[10]  Deborah Estrin,et al.  Data-centric storage in sensornets , 2003, CCRV.

[11]  Sencun Zhu,et al.  A random perturbation-based scheme for pairwise key establishment in sensor networks , 2007, MobiHoc '07.

[12]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[13]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[14]  Wade Trappe,et al.  Source-location privacy in energy-constrained sensor network routing , 2004, SASN '04.

[15]  U Moeller,et al.  Mixmaster Protocol Version 2 , 2004 .

[16]  Éva Tardos,et al.  Approximation algorithms for facility location problems (extended abstract) , 1997, STOC '97.

[17]  Mohan S. Kankanhalli,et al.  Anonymous secure routing in mobile ad-hoc networks , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[18]  Wenjing Lou,et al.  Anonymous communications in mobile ad hoc networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[19]  Riccardo Bettati,et al.  Compromising Location Privacy inWireless Networks Using Sensors with Limited Information , 2007, 27th International Conference on Distributed Computing Systems (ICDCS '07).

[20]  Kamesh Munagala,et al.  Local search heuristic for k-median and facility location problems , 2001, STOC '01.

[21]  S. Wittevrongel,et al.  Queueing Systems , 2019, Introduction to Stochastic Processes and Simulation.

[22]  David B. Shmoys,et al.  Approximation algorithms for facility location problems , 2000, APPROX.

[23]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[24]  Leonard Kleinrock,et al.  Theory, Volume 1, Queueing Systems , 1975 .

[25]  Marco Gruteser,et al.  Protecting Location Privacy Through Path Confusion , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[26]  Brad Karp,et al.  GPSR: greedy perimeter stateless routing for wireless networks , 2000, MobiCom '00.

[27]  Sencun Zhu,et al.  Towards Statistically Strong Source Anonymity for Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[28]  Donggang Liu,et al.  Location Privacy in Sensor Networks Against a Global Eavesdropper , 2007, 2007 IEEE International Conference on Network Protocols.

[29]  Jiawei Zhang,et al.  Approximation algorithms for facility location problems , 2004 .

[30]  Liang Zhang,et al.  Organizational memory: reducing source-sink distance , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

[31]  Edward L. Mooney,et al.  Proximity-based adjacency determination for facility layout , 1997 .

[32]  Shivakant Mishra,et al.  Intrusion tolerance and anti-traffic analysis strategies for wireless sensor networks , 2004, International Conference on Dependable Systems and Networks, 2004.