1 / 23

CSC 774 Advanced Network Security

The paper explores the critical challenge of privacy in sensor networks, focusing on content-oriented and contextual privacy, particularly source-location privacy, essential for applications like asset monitoring. Through a case study involving a panda-hunter game, it examines routing techniques aimed at protecting the source's location against potential threats. Techniques discussed include baseline routing, routing with fake sources, and phantom routing. The performance of these methods is analyzed with respect to privacy metrics, energy consumption, and message delivery quality, ultimately advocating for phantom routing as an effective strategy for safeguarding privacy in mobile sensor networks.

locke
Télécharger la présentation

CSC 774 Advanced Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 774 Advanced Network Security Enhancing Source-Location Privacy in Sensor Network Routing (ICDCS ’05) Brian Rogers Nov. 21, 2005

  2. Introduction and Motivation • Major challenge to deployment of sensor networks is privacy • Two types of privacy • Content-oriented privacy (e.g. packet data) • Contextual privacy (e.g. source location of packet) • Important use of future sensor network applications is asset monitoring • Source-location privacy is critical

  3. Example Scenario source sink

  4. Outline • Panda-Hunter Game • Formal & Simulation Models • Baseline Routing • Routing with Fake Sources • Phantom Routing • Privacy for Mobile Sources • Conclusions & Future Work

  5. Panda-Hunter Game • Once panda is detected, source periodically sends data to sink through multi-hop routing • Assume single panda, source, and sink • Attacker: • Non-malicious • Device-Rich • Resource-Rich • Informed • Privacy cautious routing technique prevents hunter from locating source

  6. Formal Model • Asset monitoring network: sixtuple (N, S, A, R, H, M) • N = set of sensor nodes • S = network sink • A = asset being monitored • R = routing policy of sensors to protect asset • H = hunter with movement rules M to capture asset • Two privacy metrics for a routing strategy R • Φ = safety period of an R given M • L = capture likelihood of R given M • Network performance • Energy Consumption (# messages sent) • Delivery Quality (avg. msg. latency, delivery ratio)

  7. Simulation Model • N = 10,000 nodes • Panda appears at random location, and closest sensor periodically sends packets to the sink • Simulation ends if hunter gets close to panda (i.e. within Δ hops) or hunter fails to catch panda within a threshold time

  8. Baseline Routing Techniques • Two most popular routing techniques for sensor networks • Flood-based Routing • Source node forwards packets to all neighbors • When a neighbor receives a packet, if it has not already seen this packet, it forwards the packet to all its neighbors with probability Pforward • Single-path (Shortest-path) Routing • Initial configuration phase sets up lists at sensor nodes so each node knows which neighbor is on the shortest path to the sink

  9. Patient Adversary Model • Hunter starts at sink • When hunter hears a message, it moves to the message’s immediate sender • Process repeats until hunter reaches source

  10. Baseline Routing Performance

  11. Baseline Routing Performance (2)

  12. Routing with Fake Sources • Flooding and single-path routing have poor source-privacy: • Add fake sources to inject fake packets • Lead hunter away from real source • Two Issues • How to choose the fake source? • How often to inject fake packets?

  13. Routing with Fake Sources (2)

  14. Routing with Fake Sources (3) • Fake sources still not enough • Smarter Adversary can detect zigzag pattern • Pick one of the two directions and follow to the source • If this is not the real source, backtrack to reach the other source • Fake messaging increases energy cost for little increase in source-location privacy

  15. Phantom Routing • Problem with baseline and fake messaging techniques: • Sources provide a fixed route so adversary can trace each route • Goal of phantom routing: • Direct hunter away from source to phantom source • Two Phases • Random walk: direct msg. to phantom source • Flooding/single-path routing: direct msg. to sink

  16. Phantom Routing (2)

  17. Phantom Routing (3) • Random Walk Phase • Source-location privacy depends on phantom source being far from real source after hwalk hops • True Random Walk • Not good: Message tends to hover around real source • Proof in paper using central limit theorem • Directed Random Walk • Sector-based: Each node knows east/west • Hop-based: Each node knows toward/away from source • Pick one direction randomly and each node during random walk sends the msg. to another node in that direction

  18. Phantom Routing (4)

  19. Phantom Routing (5) • New adversary: Cautious Adversary Model • Since hunter may be stranded far from true source and not hear any messages for some time • If no message heard for some time interval, backtrack one step and wait again • Results worse for cautious adversary, so it is better for hunter to be patient and wait for messages to arrive

  20. Privacy for Mobile Sources • How does source location privacy change if asset is mobile (e.g. panda walks around) • Tests using a simple movement pattern: • α: governs direction • δ: stay time at each location • d: distance of each movement • T: reporting interval

  21. Privacy for Mobile Sources • Impact of panda’s velocity

  22. Privacy for Mobile Sources • Impact of hunter’s hearing range

  23. Conclusions & Future Work • Conclusions • Flooding and single-path routing have poor source location privacy • Phantom routing can be used with either routing protocol to greatly enhance privacy at a small cost of communication overhead • Future Work • Authors: Investigate stronger adversarial models and multiple asset tracking scenarios • Multiple hunters: Could they collude to find panda faster • Multiple sinks: Sensors transmit to randomly chosen sink

More Related