TY - GEN
T1 - An active global attack model for sensor source location privacy
T2 - 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009
AU - Yang, Yi
AU - Zhu, Sencun
AU - Cao, Guohong
AU - LaPorta, Thomas
PY - 2009
Y1 - 2009
N2 - Source locations of events are sensitive contextual information that needs to be protected in sensor networks. Previous work focuses on either an active local attacker that traces back to a real source in a hop-by-hop fashion, or a passive global attacker that eavesdrops/analyzes all network traffic to discover real sources. An active global attack model, which is more realistic and powerful than current ones, has not been studied yet. In this paper, we not only formalize this strong attack model, but also propose countermeasures against it. As case studies, we first apply such an attack model to two previous schemes, with results indicating that even these theoretically sound constructions are vulnerable. We then propose a lightweight dynamic source anonymity scheme that seamlessly switches from a statistically strong source anonymity scheme to a k-anonymity scheme on demand. Moreover, we enhance the traditional k-anonymity scheme with a spatial l-diversity capability by cautiously placing fake sources, to thwart attacker's on-site examinations. Simulation results demonstrate that the attacker's gain in our scheme is greatly reduced when compared to the k-anonymity scheme.
AB - Source locations of events are sensitive contextual information that needs to be protected in sensor networks. Previous work focuses on either an active local attacker that traces back to a real source in a hop-by-hop fashion, or a passive global attacker that eavesdrops/analyzes all network traffic to discover real sources. An active global attack model, which is more realistic and powerful than current ones, has not been studied yet. In this paper, we not only formalize this strong attack model, but also propose countermeasures against it. As case studies, we first apply such an attack model to two previous schemes, with results indicating that even these theoretically sound constructions are vulnerable. We then propose a lightweight dynamic source anonymity scheme that seamlessly switches from a statistically strong source anonymity scheme to a k-anonymity scheme on demand. Moreover, we enhance the traditional k-anonymity scheme with a spatial l-diversity capability by cautiously placing fake sources, to thwart attacker's on-site examinations. Simulation results demonstrate that the attacker's gain in our scheme is greatly reduced when compared to the k-anonymity scheme.
UR - http://www.scopus.com/inward/record.url?scp=84885889028&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84885889028&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-05284-2_22
DO - 10.1007/978-3-642-05284-2_22
M3 - Conference contribution
AN - SCOPUS:84885889028
SN - 3642052835
SN - 9783642052835
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 373
EP - 393
BT - Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers
Y2 - 14 September 2009 through 18 September 2009
ER -