1. Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20

2. Introduction Traffic analysis: adversary can get significant information and then analysis the traffic patterns through eavesdropping Attack model:  Rate monitoring attack: monitoring the packet sending rate of nodes, the adversary would move to the nodes that have higher packet sending rate  Packet tracing attack: an adversary try to trace or trace back a packet hop-by-hop towards BS or source.

3. Related work (1/2) Y. Jian, “Protecting Receiver-Location Privacy in Wireless Sensor Networks” in INFOCOM 2007proceeding. Main idea:  Using a location privacy routing protocol (LPR) to provide path diversity.  Combining with fake packet injection: LPR is able to minimize the traffic direction information that an adversary can retrieve from eavesdropping.

4. Related work (1/2) Location Privacy Routing (LPR):  1). Each sensor divides its neighbors into two lists: a closer list, and a further list by the distance from the receiver.  2). When a sensor forwards a packet, it selects a neighbor randomly from one of its two lists as the next hop. It selects the next hop from the further list with probability pf, and from the closer list with probability 1−pf. Fake Packet Injection:  Whenever a sensor node forwards a packet, in addition to normally forwarding the packet to the next hop, it also transmits a fake packet to a neighbor that is randomly chosen from its further list.

5. Problem of related work To eavesdrop the sending packet, the adversary can only detect the sender but can not detect the receiver. Problem of related work:  The proposed scheme uses the same node to forward the real packet and fake packet. Which means that the node have higher sending rate than those nodes who act as transmitter to transmit the fake packets.  This will give a big chance to adversary to launch a rate monitoring attack to trace or trace back towards the BS or source.

6. Countermeasures (1/2) 1. Random Routing Scheme (RRS):  Each sensor divides its neighbors into two groups: a closer group and a further group by the hop count from BS.  When a sensor forwards a packet, it selects the next-hop node randomly from the closer neighbor group with probability P r (n). Advantage compared with related work:  LPR randomly select from the two lists, it introduce additional overhead in term of energy consumption and delay.  RRS randomly select from the closer group, it reduces delay time for less hop transmission and the total energy consumption. x c : the number of nodes in the closer group, i: the number of times that packet be forwarding, G: the set of nodes that have not been selected as the next hop to forward packet in the last x c times.

7. Countermeasures (1/2) 2. Dummy Packet Injection Scheme:  When a node hears that its neighbor node which belongs to its closer group is forwarding a real packet to the base station, the node generates dummy packets with probability T(P f ) and forwards it out.  Consider about the additional energy consumption, we use the remaining energy of node as a factor of influence to generate probability T(P f ).  For the purpose of confusing the adversary to trace a dummy packet, we assume that the dummy packet sending rate is higher than the real packet sending rate. Advantage:  Makes nodes’ energy consumption more evenly. x c : the number of nodes in the closer group, E current : the current energy of node E initial : the initial energy of node P f : random function that generating a random number from 1 to x c Δ: factor of influence in function (3). If Δ more close to 1, p f will be the value of x c /2 or (x c +1)/2 with a higher probability. (2)(3) (4)