Brian

Document Sample
Brian Powered By Docstoc
					              Computer Science




CSC 774 Advanced Network Security


  Enhancing Source-Location Privacy in Sensor
        Network Routing (ICDCS ’05)

                    Brian Rogers
                    Nov. 21, 2005
                                                1
Introduction and Motivation
• Major challenge to deployment of sensor
  networks is privacy
• Two types of privacy
  – Content-oriented privacy (e.g. packet data)
  – Contextual privacy (e.g. source location of packet)
• Important use of future sensor network
  applications is asset monitoring
  – Source-location privacy is critical


            Computer Science                              2
Example Scenario




        source


                            sink




         Computer Science          3
Outline
•   Panda-Hunter Game
•   Formal & Simulation Models
•   Baseline Routing
•   Routing with Fake Sources
•   Phantom Routing
•   Privacy for Mobile Sources
•   Conclusions & Future Work


            Computer Science     4
Panda-Hunter Game
• Once panda is detected, source periodically
  sends data to sink through multi-hop routing
• Assume single panda, source, and sink
• Attacker:
  –   Non-malicious
  –   Device-Rich
  –   Resource-Rich
  –   Informed
• Privacy cautious routing technique prevents
  hunter from locating source
             Computer Science                    5
Formal Model
• Asset monitoring network: sixtuple (N, S, A, R, H, M)
   –   N = set of sensor nodes
   –   S = network sink
   –   A = asset being monitored
   –   R = routing policy of sensors to protect asset
   –   H = hunter with movement rules M to capture asset
• Two privacy metrics for a routing strategy R
   – Φ = safety period of an R given M
   – L = capture likelihood of R given M
• Network performance
   – Energy Consumption (# messages sent)
   – Delivery Quality (avg. msg. latency, delivery ratio)


               Computer Science                             6
Simulation Model
• N = 10,000 nodes
• Panda appears at random location, and closest
  sensor periodically sends packets to the sink
• Simulation ends if hunter gets close to panda
  (i.e. within Δ hops) or hunter fails to catch
  panda within a threshold time




           Computer Science                       7
Baseline Routing Techniques
• Two most popular routing techniques for
  sensor networks
  – Flood-based Routing
     • Source node forwards packets to all neighbors
     • When a neighbor receives a packet, if it has not already
       seen this packet, it forwards the packet to all its
       neighbors with probability Pforward
  – Single-path (Shortest-path) Routing
     • Initial configuration phase sets up lists at sensor nodes
       so each node knows which neighbor is on the shortest
       path to the sink

             Computer Science                                      8
Patient Adversary Model
• Hunter starts at sink
• When hunter hears a message, it moves to the
  message’s immediate sender
• Process repeats until hunter reaches source




           Computer Science                      9
Baseline Routing Performance




         Computer Science      10
Baseline Routing Performance (2)




         Computer Science          11
Routing with Fake Sources
• Flooding and single-path routing have poor
  source-privacy:
  – Add fake sources to inject fake packets
  – Lead hunter away from real source
• Two Issues
  – How to choose the fake source?
  – How often to inject fake packets?




            Computer Science                   12
Routing with Fake Sources (2)




         Computer Science       13
Routing with Fake Sources (3)
• Fake sources still not enough
• Smarter Adversary can detect zigzag pattern
• Pick one of the two directions and follow to
  the source
• If this is not the real source, backtrack to reach
  the other source
• Fake messaging increases energy cost for little
  increase in source-location privacy

            Computer Science                       14
Phantom Routing
• Problem with baseline and fake messaging
  techniques:
  – Sources provide a fixed route so adversary can
    trace each route
• Goal of phantom routing:
  – Direct hunter away from source to phantom source
• Two Phases
  – Random walk: direct msg. to phantom source
  – Flooding/single-path routing: direct msg. to sink

            Computer Science                            15
Phantom Routing (2)




         Computer Science   16
Phantom Routing (3)
• Random Walk Phase
  – Source-location privacy depends on phantom source being
    far from real source after hwalk hops
• True Random Walk
  – Not good: Message tends to hover around real source
  – Proof in paper using central limit theorem
• Directed Random Walk
  – Sector-based: Each node knows east/west
  – Hop-based: Each node knows toward/away from source
  – Pick one direction randomly and each node during random
    walk sends the msg. to another node in that direction

             Computer Science                             17
Phantom Routing (4)




         Computer Science   18
Phantom Routing (5)
• New adversary: Cautious Adversary Model
  – Since hunter may be stranded far from true source
    and not hear any messages for some time
  – If no message heard for some time interval,
    backtrack one step and wait again
• Results worse for cautious adversary, so it is
  better for hunter to be patient and wait for
  messages to arrive


           Computer Science                             19
Privacy for Mobile Sources
• How does source location privacy change if asset is
  mobile (e.g. panda walks around)
• Tests using a simple movement pattern:




•   α:   governs direction
•   δ:   stay time at each location
•   d:   distance of each movement
•   T:   reporting interval

                Computer Science                        20
Privacy for Mobile Sources
• Impact of panda’s velocity




            Computer Science   21
Privacy for Mobile Sources
• Impact of hunter’s hearing range




            Computer Science         22
Conclusions & Future Work
• Conclusions
  – Flooding and single-path routing have poor source location
    privacy
  – Phantom routing can be used with either routing protocol to
    greatly enhance privacy at a small cost of communication
    overhead
• Future Work
  – Authors: Investigate stronger adversarial models and
    multiple asset tracking scenarios
  – Multiple hunters: Could they collude to find panda faster
  – Multiple sinks: Sensors transmit to randomly chosen sink

             Computer Science                                   23

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:12
posted:12/4/2011
language:English
pages:23