Elsevier

Pervasive and Mobile Computing

Volume 11, April 2014, Pages 244-260
Pervasive and Mobile Computing

Fast track article
Using data mules to preserve source location privacy in Wireless Sensor Networks

https://doi.org/10.1016/j.pmcj.2012.10.002Get rights and content

Abstract

Wireless Sensor Networks (WSNs) have many promising applications for monitoring critical regions, like military surveillance and wildlife monitoring. In such applications, it is critical to protect the location of the source sensor that generates the data, as exposure of this information usually reveals the location of the object being monitored. Traditional security mechanisms, like encryption, have been proven to be ineffective as the location of the source can also be revealed by analyzing the traffic flow in the network. In this paper, we investigate the source-location privacy issue. We first propose a realistic semi-global eavesdropping attack model and show its effectiveness in compromising an existing source-location preserving technique. Furthermore, to measure source location privacy against the semi-global eavesdropper, we define a model for α-angle anonymity. Additionally, we design a new protocol called Mule-Saving-Source (MSS) that preserves α-angle anonymity by adapting the conventional function of data mules. We theoretically analyze the delay incurred by using data mules in MSS, and we examine via extensive simulations the trade-off between the delay and privacy preservation under different data mule mobility patterns. We categorize the delay in MSS as being caused primarily due to the buffering time at the source sensor and the data mules. Motivated by this observation, we propose two modifications to MSS, Mule-Saving-Source-Shortest Path (MSS-SP) and Mule-Saving-Source-Two Level (MSS-TL), both aimed at reducing the total delay by reducing the buffering time at the data mule and source respectively. Through theoretical analysis, we examine the delay in the proposed modifications and evaluate their performance with the MSS protocol using a comprehensive set of simulations. Furthermore, to study the impact of the mobility model of the data mules on the MSS protocol, we compare the performance of the MSS protocol by changing the mobility model of data mules to a Random Waypoint based model.

Introduction

In recent years, WSNs have played an important role in a number of security applications, like remotely monitoring objects. In such applications, the location of the monitored object is tightly coupled with the sensor that detects it, called the data source. Therefore, preserving the location of the data source is important for protecting the object from being traced. Such a preservation cannot be simply accomplished by encrypting the data packets as the location of the data source can be disclosed by analyzing the traffic flow in WSNs.

The problem of preserving source-location privacy can be explained using the “Panda-Hunter Game”  [1], in which the sensors are deployed in the forest to monitor the movement of pandas. Each panda is mounted with an actuator which signals to the surrounding sensors in its communication range. When the sensor close to the panda receives the signal, it creates and sends data reports to the base station over the wireless network. A hunter who is monitoring the wireless communication between the sensors will be able to identify the direction of incoming traffic flow and trace back the data transmission path to locate the data source, thus catching the panda. In fact, any WSNs used for such monitoring applications are vulnerable to such kinds of traffic analysis based attacks.

There have been extensive techniques proposed to preserve source-location privacy against different attack models: the local-eavesdropping model and the global-eavesdropping model. Local-eavesdropping  [1], [2], [3], [4] assumes the attacker’s ability to monitor the wireless communication is limited to a very small region, up to very few hops. In the global-eavesdropping model  [5], [6], [7], the attacker is assumed to be capable of monitoring the traffic over the entire network. We believe both of them are unrealistic, because the former stringently restricts the attacker’s ability while the latter exaggerates it, considering the resources and cost required for launching such an attack.

In this paper, we propose a more practical attack model, the semi-global eavesdropping model, in which the attacker is able to eavesdrop on wireless communications in a substantial area that is much smaller than the entire monitoring network. This attack model allows the attacker to gather substantially more information than a local eavesdropper. As shown in Section  3, this attack allows the attacker to overcome defenses that defeat a local eavesdropper. On the other hand, without the ability of monitoring the entire network, system designers can consider alternatives to network flooding and other approaches against the global eavesdropping model that suffer from a high communication overhead.

Under the semi-global eavesdropping model, we explore a novel protocol for preserving source-location privacy by using data mules. Traditionally, data mules are used in WSNs for reducing energy consumption due to the data transmission between sensors and facilitating communication in disconnected networks. A data mule picks up data from the data source and then delivers them directly to the base station. We adapt the functionality of data mules so that they not only maintain their traditional functionality, but also facilitate the preservation of the location privacy of data sources.

Our main contributions in this paper are summarized as follows: (1) we propose a new attack model, called semi-global eavesdropping; (2) we introduce a linear-regression based traffic analysis approach to enable the attacker to infer the direction of the data source and demonstrate its effectiveness by breaking an existing routing protocol of preserving source-location privacy; (3) we define the α-angle anonymity model for studying the source-location privacy; (4) we propose a novel protocol, called the Mule-Saving-Source protocol (MSS), that uses data mules to achieve α-angle anonymity; (5) we theoretically analyze the delay in the MSS protocol which includes the buffering time at the data source and the data mule; (6) we propose the Mule-Saving-Source-Shortest Path Protocol (MSS-SP), which aims at reducing the buffering time at the data mules as compared to MSS by modifying the data delivery path of the data mules; (7) we propose the Mule-Saving-Source-Two Level (MSS-TL), which aims at reducing the total delay by restricting the data mules to local areas in the network; (8) we study the impact of the mobility pattern of the data mule on the MSS protocol by changing the mobility model of the data mule to a Random Waypoint based mobility model; and (9) through theoretical analysis and a comprehensive set of experiments we show their effectiveness in reducing the total delay as well as drawing comparisons between them.

The roadmap of this paper is given as follows. We describe the system model and network scenario in Section  2. In Section  3 we introduce the attack model as well as our proposed linear-regression based approach to analyze traffic, followed by the α-angle anonymity model for preserving source location privacy. In Section  4, we present the Mule-Saving-Source protocol to protect the location of the data source. In addition, we theoretically analyze the data delay introduced by our protocol in Section  5. We evaluate the performance of the MSS protocol by analyzing the results from a comprehensive set of simulations in Section  6. The two proposed modifications to the MSS protocols are discussed in Sections  7 Mule-Saving-Source-Shortest Path (MSS-SP) protocol, 8 Mule-Saving-Source-Two Level (MSS-TL) protocol respectively. In Section  9, we study the impact of the choice of the mobility pattern of data mules on the delay in the MSS protocol. We discuss related works in Section  10 and conclude the paper in Section  11.

Section snippets

System model

The terrain of our underlying network is a finite two-dimensional grid, which is further divided into cells of equal size. The network is composed of one base station, static sensors, and mobile agents, called data mules.

Preliminaries

In this section, we will first introduce our attack model and then propose a linear-regression based approach for analyzing data traffic. Furthermore, we will demonstrate the effectiveness of our attack model by compromising the phantom routing protocol  [1]. Finally, we will define the α-angle anonymity model for studying the location privacy preservation of the data source.

Mule-Saving-Source protocol

To protect the source location privacy against a semi-global eavesdropper, we design a protocol, called the Mule-Saving-Source protocol, achieving α-angle anonymity. Our protocol exploits the random mobility of data mules to establish a data transmission pattern which effectively preserves the location privacy of the data source. Specifically, we modify the traditional function of data mules by having them hand data to regular sensors at only specific locations in the network, from where data

MSS protocol analysis

In order to model the mobility pattern of data mules we use a discrete-time Markov chain model, similar to the model proposed in  [8]. Each state in the Markov chain represents the condition when the data mule is present at a specific cell in the network. Let P be the transitional probability matrix for the defined Markov chain model, where the entry pijP representing the probability of a data mule transiting from one state si to another state sj for Markov chain with state space S is:

pij={1q,

Experimental study of the MSS protocol

A comprehensive set of simulations was conducted using a customized C++ based simulator to evaluate the performance of the discussed protocols. Specifically, we evaluated the MSS protocol and characterized the delay in it due to the number of data mules and privacy level (α angle). Furthermore, we establish the fact that the MSS protocol gives better performance than the DD protocol.

The simulation configuration is detailed in Table 2. We assume the base station is located at the center of the

Mule-Saving-Source-Shortest Path (MSS-SP) protocol

We propose the MSS-SP protocol by modifying the MSS protocol to reduce the total delay of the data packets by minimizing the carrying delay of the data mules. The carrying delay at the data mule is the total time the data packets are buffered at the data mule after it picks them up from the data source. The data mules deliver the data packets to the sensors closest to the dropping line. The carrying delay at the data mules is primarily dependent on the size of the network, the number of logical

Mule-Saving-Source-Two Level (MSS-TL) protocol

In reality, allowing any data mules to move in the entire wireless sensor network may not be efficient for data delivery from the perspective of data delay. Hence, we partition the network into blocks and restrict the movement of each data mule to a block, aimed at reducing the buffering time at the sensors. In this section, we first describe the deployment of data mules and then introduce a new protocol for routing the data by correspondingly adjusting our MSS protocol.

MSS protocol-Random Waypoint Model (MSS-RWP)

The mobility pattern of the data mules has an impact on the spatial and temporal distribution of the data mules in the network, thus affecting the inter-arrival time of the data mules at different sensors in the network. In this section, we study the impact of various mobility patterns of data mules on the MSS protocol.

In Section  4, the mobility pattern of the data mule was modeled as a random walk on the grid, wherein in each transition it moves with equal probability to one of the

Related work

We discuss the techniques for preserving the location privacy of the data source by categorizing them based on different attack models they counteract, namely local-eavesdropping model and global-eavesdropping model. For a more comprehensive taxonomy of techniques of preserving privacy in WSNs, we refer readers to the state-of-the-art survey  [16].

For local-eavesdropping based attack, the flooding based approach was first introduced in  [2], where each sensor broadcasts data that it receives to

Conclusion

In this paper, we address the issue of source-location privacy in WSNs. We described a realistic semi-global eavesdropping attack model and established its effectiveness by compromising the Phantom Routing protocol. Furthermore, we defined the α-angle anonymity model for measuring the privacy preservation of source location in WSNs. To this end, we proposed a Mule-Saving-Source protocol which adapts the traditional functions of the data mules for making it α-angle anonymous. Through theoretical

Acknowledgments

This work is partially supported by US National Science Foundation grants CNS-0916221, IIS-0326505, IIS-1064460, and CNS-1150192. Any opinions, findings and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect those of the National Science Foundation. The authors would also like to thank the anonymous reviewers for their valuable comments.

References (17)

  • P. Kamat, Y. Zhang, W. Trappe, C. Ozturk, Enhancing source-location privacy in sensor network routing, in: Proceedings,...
  • C. Ozturk, Y. Zhang, W. Trappe, Source-location privacy in energy-constrained sensor network routing, in: Proceedings,...
  • Y. Ouyang, X. Le, G. Chen, J. Ford, F. Makedon, Entrapping adversaries for source protection in sensor networks, in:...
  • Y. Li, J. Ren, Source-location privacy through dynamic routing in wireless sensor networks, in: Proceedings of INFOCOM,...
  • K. Mehta, D. Liu, M. Wright, Location privacy in sensor networks against a global eavesdropper, in: Proceedings of...
  • Y. Yang, M. Shao, S. Zhu, B. Urgaonkar, G. Cao, Towards event source unobservability with minimum network traffic in...
  • W. Yang, W. Zhu, Source location privacy in wireless sensor networks with data aggregation, in: Proceedings of UIC,...
  • C.R. Shah et al.

    Data mules: modeling and analysis of a three-tier architecture for sparse sensor networks

    Ad Hoc Networks

    (2003)
There are more references available in the full text version of this article.

Cited by (37)

  • WSNs-assisted opportunistic network for low-latency message forwarding in sparse settings

    2019, Future Generation Computer Systems
    Citation Excerpt :

    However, in unknown areas, the decision-making of routes would be very difficult, resulting in a higher level of uncertainty in terms of routing performance. Mules [25–27] is another kind of opportunistic networks designed for message delivery among isolated sensor networks. The message is delivered from one network to another via data mules.

  • A source location protection protocol based on dynamic routing in WSNs for the Social Internet of Things

    2018, Future Generation Computer Systems
    Citation Excerpt :

    Solutions in this category make it difficult for an adversary to differentiate the real traffic from the fake traffic. Another kind of solution that aims at providing a better SLP is cyclic entrapment [24–27]. Long et al. proposed a Ring-Based Routing (RBR) scheme [28].

  • The Internet of People (IoP): A new wave in pervasive mobile computing

    2017, Pervasive and Mobile Computing
    Citation Excerpt :

    While people-centric sensing provides, in principle, a huge sensing environment available to support context-aware human-centric services and applications, there are clearly huge challenges related to privacy of the data and the knowledge about the users’ behavior that can be inferred. Privacy is, therefore, a major research challenge [223–228], in this framework. People-centric sensing is an example of a service that can be implemented by exploiting the personal-device resources.

  • A Multipath Source Location Privacy Protection Scheme in Wireless Sensor Networks via Proxy Node

    2022, Proceedings - IEEE Congress on Cybermatics: 2022 IEEE International Conferences on Internet of Things, iThings 2022, IEEE Green Computing and Communications, GreenCom 2022, IEEE Cyber, Physical and Social Computing, CPSCom 2022 and IEEE Smart Data, SmartData 2022
View all citing articles on Scopus
View full text