TY - GEN
T1 - Trade-offs of source location protection in globally attacked sensor networks
T2 - 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2011
AU - Kokalj-Filipović, Silvija
AU - Le Fessant, Fabrice
AU - Spasojević, Predrag
PY - 2011
Y1 - 2011
N2 - This paper studies source location anonymity in a large monitoring wireless sensor network with a single data collector, and under a global attack. The qualifier "global" indicates the capability of the eavesdropper (attacker) to capture all network transmissions, and to discern their time and location. We propose a scheme for generating fake network traffic to disguise the real event notification. This scheme is particularly effective for the protection of the monitored asset in delay-intolerant applications monitoring rare and spatially sparse events. Unlike earlier work on this topic, we jointly consider the protection strength, events' dynamics, probability of the attacker's exposure during the attack, notification latency, network overhead, and scalability. The efficiency of the scheme that provides statistical source anonymity is achieved by partitioning network nodes randomly into several node groups. Members of the same group collectively emulate both temporal and spatial distribution of the event. Under such framework, we aim to better model the global eavesdropper, especially her way of using statistical tests to detect the real event. In addition, our approach aims to reduce the per-event work spent to generate the fake traffic while, most importantly, providing a guaranteed latency in reporting the event. The latency is controlled by decoupling the routing from the fake-traffic schedule. A good dummy-source group design also provides a robust protection of event bursts. This is achieved at the expense of the significant overhead as the number of dummy-source groups must be increased to the reciprocal value of the false alarm parameter used in the statistical test. Ultimately, our message is that designing a protection scheme to meet multiple requirements, imposed by realistic application scenarios, involves trade-offs among several performance measures, and calls for an evaluation framework that recognizes these challenges. We believe that the proposed source anonymity protection strategy, and the evaluation framework, are well justified by the abundance of the applications that monitor a rare event with uniform spatial distribution.
AB - This paper studies source location anonymity in a large monitoring wireless sensor network with a single data collector, and under a global attack. The qualifier "global" indicates the capability of the eavesdropper (attacker) to capture all network transmissions, and to discern their time and location. We propose a scheme for generating fake network traffic to disguise the real event notification. This scheme is particularly effective for the protection of the monitored asset in delay-intolerant applications monitoring rare and spatially sparse events. Unlike earlier work on this topic, we jointly consider the protection strength, events' dynamics, probability of the attacker's exposure during the attack, notification latency, network overhead, and scalability. The efficiency of the scheme that provides statistical source anonymity is achieved by partitioning network nodes randomly into several node groups. Members of the same group collectively emulate both temporal and spatial distribution of the event. Under such framework, we aim to better model the global eavesdropper, especially her way of using statistical tests to detect the real event. In addition, our approach aims to reduce the per-event work spent to generate the fake traffic while, most importantly, providing a guaranteed latency in reporting the event. The latency is controlled by decoupling the routing from the fake-traffic schedule. A good dummy-source group design also provides a robust protection of event bursts. This is achieved at the expense of the significant overhead as the number of dummy-source groups must be increased to the reciprocal value of the false alarm parameter used in the statistical test. Ultimately, our message is that designing a protection scheme to meet multiple requirements, imposed by realistic application scenarios, involves trade-offs among several performance measures, and calls for an evaluation framework that recognizes these challenges. We believe that the proposed source anonymity protection strategy, and the evaluation framework, are well justified by the abundance of the applications that monitor a rare event with uniform spatial distribution.
UR - http://www.scopus.com/inward/record.url?scp=80052805482&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80052805482&partnerID=8YFLogxK
U2 - 10.1109/SAHCN.2011.5984914
DO - 10.1109/SAHCN.2011.5984914
M3 - Conference contribution
AN - SCOPUS:80052805482
SN - 9781457700934
T3 - 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2011
SP - 323
EP - 331
BT - 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2011
Y2 - 27 June 2011 through 30 June 2011
ER -