Enhancing Source-Location Privacy in Sensor Network Routing P.Kamat, Y. Zhang, W. Trappe, C. Ozturk In Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Natalia Stakhanova cs610

Sensor networks Security threats  concerns with data security necessity to protect content of the data packages transferred through the network  privacy threats associated with sensors devices necessity to secure the transmission of the data, for ex. location of the sensor node providing particular information  Presented work addresses this issue

Example: pander-hunter game  Sensors are monitoring the habitat of pandas once panda is observed - the information is reported to the base station hunter desires to capture panda  Assumptions one panda, one hunter and one base station hunter is equipped with rich memory and power resources and is able to identify the immediate sender knowing signal strength and the angle of the arrived message

Privacy metrics  the safety period number of messages initiated by the sensor monitoring the panda.  the capture likelihood the probability that hunter can capture panda within a specified time period.

Considered routing protocols  Two baseline techniques flooding  message is broadcasted to all neighbors single-path routing  message is routed to one of the neighbors  Improvements for these techniques each technique is associated with behavioral hunter model

Performance: baseline routing protocols Patient hunter model hunter waits at the base station for message moves to the immediate sender of that message repeats until reaches the source node The safety period is the same as the length of the shortest routing path. single-path routing flooding The capture likelihood is high with single source routing, much lower with probabilistic routing

Improvement: routing with fake sources  introduce new sources that inject fake messages into the network two challenges:  How to chose fake source  Rate of fake messaging

Routing with fake sources  Fake source source is h hops away, sends message to the sink sink sends a message into opposite direction once message reached node in h hops away from sink it becomes a fake source  Rate of fake messaging Slow rate → hunter finds the real source fast At the rate of the real messaging → hunter struggles between fake and real source High rate → hunter is kept at the fake source fake source real source

Performance: routing with fake sources  Fast speed of fake messaging provides good privacy!  … But it won’t work for more sophisticated hunter Perceptive hunter model hunter is able to detect deception for ex. can keep the history of visited nodes

Improvement: phantom routing  Introduces two phases: random walk  message is routed in random fashion for h hops flooding/single-path routing  after h hops message is routed using baseline technique Random walk Flooding

Phantom routing: further improvement  Pure random walk might not be efficient → directed random walk a sector based directed random walk  each node partitions neighbors into two sets S1, S2 (for ex. east/west)  if message is sent to node in S1, then every node forwards it to the neighbors in set S1 only a hop-based directed random walk  must know the hop count between sink and all nodes  partition node into 2 sets: with hop count mine

Performance: phantom routing  Safety period for phantom single-source routing is higher than for phantom flooding single-path routing flooding Why: probability in single-source routing that message will intersect hunter’s path is small in flooding this probability is still large

Performance: phantom routing  The capture likelihood - number of transmissions per message increases linearly for both techniques single-path routing flooding However Safety period increase is more dramatic So combined -> more privacy

Performance: phantom routing  Caution hunter model hunter limits its listening time at node after timeout hunter returns to the previous node However … does not provide more benefits hunter does not make much progress towards the real source Safety period is higher, while capture likelihood is lower

Privacy in mobile sensor network  Mobility adds privacy Fast moving panda alone is sufficient to provide source privacy using single-source routing In phantom routing the privacy increases

Conclusion  Majority of the research efforts are focused on data security  There are some works on protecting privacy associated with network devices not appropriate for sensor networks  This is one of the first efforts to address sensor location privacy in sensor network

???