slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Adviser: Frank,Yeong -Sung Lin Present by Chris Chang PowerPoint Presentation
Download Presentation
Adviser: Frank,Yeong -Sung Lin Present by Chris Chang

Loading in 2 Seconds...

play fullscreen
1 / 101

Adviser: Frank,Yeong -Sung Lin Present by Chris Chang - PowerPoint PPT Presentation


  • 128 Views
  • Uploaded on

Determining sink location through Zeroing-In attackers in wireless sensor networks Zhenhua Liu • Wenyuan Xu. Adviser: Frank,Yeong -Sung Lin Present by Chris Chang. Agenda. Introduction System model Zeroing-In attack overview Hop-count-based Zeroing-In attacks

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Adviser: Frank,Yeong -Sung Lin Present by Chris Chang' - arnie


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Determining sink location through Zeroing-In attackers in wireless sensor networksZhenhua Liu • WenyuanXu

Adviser: Frank,Yeong-Sung Lin

Present by Chris Chang

agenda
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
agenda1
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
introduction
Introduction
  • Wireless sensor networks (WSNs) have been deployed for a wide variety of applications:
    • Animal habitat monitoring
    • Critical infrastructure monitoring
    • Target tracking
    • Battle field surveillance
introduction1
Introduction
  • Typically, those wireless sensor networks consist of :
    • Alarge collection of low power and resource-constrained sensor nodes that monitor the underlying physical phenomena.
    • A small set of base stations, aka. sinks, that collect sensor measurements in a multi-hop fashion.
introduction2
Introduction
  • A many-to-one communication pattern lead to the fact that adversaries can easily leverage the sink location information to launch a series of attacks interrupting the network communication.
  • After obtaining the sink location information…
    • Adversary can destroy the sinks physically by human intervention, such as hammering them.
    • This pattern also makes sinks the ideal spots to sniff packets for off-line analysis or the initial points to launch attacks.
introduction3
Introduction
  • In this paper , we focus on studying the sink location privacy issue.
  • Several attacks have been proposed to determine the locations of sinks:
    • trace-back attacks
    • traffic analysis attacks
introduction4
Introduction
  • Most of them assume resource-intensive adversaries:
    • Some require the adversary to equip with special radio devices that can measure the angle of arrival
    • Some require the adversary to have a global view by deploying its own sensors throughout the network
introduction5
Introduction
  • In this paper, we focus on studying the sink location privacy problem in the presence of budget adversaries.
  • We assume that budget adversaries do not have specialized radio devices, nor are they able to monitor the entire networks simultaneously.
introduction6
Introduction
  • Several network metrics are two dimensional (2D) functions of locations in the network, and their values either maximize or minimize at the sink.
introduction7
Introduction
  • From the attackers’ point of view:
    • A few resource-constrained attackers can launch Zeroing-In attacks, whereby each of them samples her local network metric and collectively they can derive the locations of the sinks by combining their measurements.
introduction8
Introduction
  • From the defenders’ point of view:
    • The network should design a routing protocol that can break the correlation between the network metric extreme value.
    • Due to highly constrained resources(wireless network), we design a light-weighted routing protocol to cope with Zeroing-In attacks.
agenda2
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
system model
System model
  • Network model
  • Adversary model
system model network model
System model (Network model)
  • Many-to-one data dissemination:
    • The sensor network utilizing the popular many-to-one data dissemination methods, whereby the sink is connected to a large portion of the sensor nodes.
    • Without loss of generality, we assume that there is only one sink in the network. (our work can also be applied to networks with multiple sinks local extrema
system model network model1
System model (Network model)
  • Tree-based routing schemes:
    • We focus on tree-based routing schemes, a popular family of routing protocols whereby the network establishes and maintains a forwarding tree rooted at the sink.
    • This forwarding tree is often built with the assistance of hop counts, i.e., the number of hops from the sink.
system model network model2
System model (Network model)
  • Broadcast enabled:
    • We assume that the sink will flood the network with controlling commands or query requests from time to time.
  • Homogeneous networks:
    • Finally, each node uses the same type of hardware platform and sends messages at the same transmission power level. As a result, they have a similar radio range.
system model adversary model
System model (Adversary model)
  • Eavesdrop-enabled:
    • Adversaries have the same radio devices as network nodes for eavesdropping.
    • Although the adversaries are unable to decipher packet contents, they are able to record the time that they witness a packet.
  • Resource-limited:
    • Adversaries are not equipped with specialized radio devices, such as spectrum analyzers or super sensitive antenna arrays.
    • Adversaries cannot afford to deploy their own sensor network to monitor the entire network
system model adversary model1
System model (Adversary model)
  • Able to collude:
    • Multiple adversaries are available.
    • They collude with each other to infer the location of the sink by sharing their local views
  • Location-aware:
    • Each adversary is able to determine its own location.
  • Protocol-aware:
    • Adversaries know the networking and privacy-related protocols used in the sensor networks.
agenda3
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
zeroing in attack overview
Zeroing-In attack overview
  • In this section, we overview the proposed ‘‘Zeroing-In’’ attacks.
  • Several metrics in a sensor network are functions of locations. Typically, moving towards the sink either increases the values of those network metrics or decreases them monotonically.
zeroing in attack overview1
Zeroing-In attack overview
  • For instance :
    • Hop count : is the smallest number of intermediate nodes a packet has to traverse in order to reach the sink. The hop count associated with a network node decreases as the node becomes closer to the sink, and it becomes zero at the sink.
    • Traffic rate :is the number of packet transmissions in a unit time in a region. It increases as the distance to the sink decreases and reaches maxima at the sink.
zeroing in attack overview2
Zeroing-In attack overview
  • Thus, from the attackers’ point of view, the problem of determining sink location becomes a problem of finding the extremum (maximum or minimum) of those functions.
  • Without loss of generality, in this paper, we focus on network metrics that minimize at the sink.
zeroing in attack overview3
Zeroing-In attack overview
  • To identify the position of the sink leveraging 2D models of the network metrics, ‘‘Zeroing-In’’ attacks consist of two steps:
    • Sampling step.
    • Zeroing-In step.
zeroing in attack overview4
Zeroing-In attack overview
  • Sampling step:
    • madversaries place themselves in an area S within which the network is deployed.
    • The coordinates of the i-th adversary as zi = (xi, yi), and the i-th observation as a tuple (xi, yi, hi), where hi is a network metric.
    • The network metric hi is either the hop count or the arrival time of a packet at (xi, yi).
zeroing in attack overview5
Zeroing-In attack overview
  • Zeroing-In step:
  • Goal : Identify the position of the sink.
  • Adversaries first determine the 2D network metric function h = f(x, y) by analyzing m observations:
  • Find the sink location zs = (xs, ys) as the point where f(x, y) reaches the minimum :
agenda4
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
hop count based zeroing in attacks
Hop-count-based Zeroing-In attacks
  • Assumption:
    • We consider the adversaries that can acquire the hop count of any node in the network but is limited to acquiring the hop count at one location once.
    • We assume that adversaries can inject broadcast packets to the network to estimate the hop count between them.
hop count based zeroing in attacks1
Hop-count-based Zeroing-In attacks
  • To illustrate the attacks, we start by providing a brief description on the tree-based routing protocol that is implemented in TinyOS 1.x, an operating system for sensor networks.
hop count based zeroing in attacks2
Hop-count-based Zeroing-In attacks
  • Tree-based routing protocol :
    • Eventually a shortest-path-based routing tree is formed with the sink node serving as the root of the tree.
    • To build the routing tree, each node selects its routing parent as the neighbor that contains the smallest hop count, and then it announces its hop count, which is one greater than its parent’s.
    • To make the underlying routing tree adaptive to topology changes, nodes periodically broadcast routing announcements, which include the ID of the origin and the hop count in plaintext.
hop count based zeroing in attacks3
Hop-count-based Zeroing-In attacks
  • Model hop counts and hop sizes
    • Distribution of α
  • Determine the sink location
  • Adversary placement
  • Least squares without flooding
hop count based zeroing in attacks4
Hop-count-based Zeroing-In attacks
  • Model hop counts and hop sizes
    • In this section, we analyze hop counts as a function of locations, e.g., h = f(x, y).
    • A node’s hop count h depends on many factors, including its own location, the sink location, the positions of other nodes located towards the sink, the irregular radio range of each node, etc.
hop count based zeroing in attacks5
Hop-count-based Zeroing-In attacks
  • Model hop counts and hop sizes
    • Grid-based coverage model for WSNs.
    • In particular, the network deployment region S is divided into equal-sized small grids, and each grid contains at least one randomly positioned network node.
hop count based zeroing in attacks7
Hop-count-based Zeroing-In attacks
  • Thus, we can model hop counts as :
  • αis hop size, a coefficient describing the relationship between hop counts and distances.
  • If αis a known constant, then we can find (xs, ys) by searching for the root of the following questions :
hop count based zeroing in attacks8
Hop-count-based Zeroing-In attacks
  • Most contours are roughly concentric, but some small contours exist between two neighboring ones.
hop count based zeroing in attacks9
Hop-count-based Zeroing-In attacks
  • As a result, it takes an extra hop for the node within that fading dip region to reach the sink, and its hop size to the sink is smaller than its neighbors’. Therefore, hop sizes exhibit irregularity, as well.
hop count based zeroing in attacks10
Hop-count-based Zeroing-In attacks
  • Model hop counts and hop sizes
    • Being a variable, the distribution of αdetermines the accuracy of estimating hop counts using Eq. 1 and affects the feasibility of the Zeroing-In attacks.
    • If αhas a small variance and can be estimated, then the sink location can be considered as the point that minimizes the estimation errors using the estimation â :
hop count based zeroing in attacks11
Hop-count-based Zeroing-In attacks
  • Distribution of α
    • We denote the hop size between nodes i and j as,
    • hijis the hop count between them.
    • αis= αi (omit the subindexswhenone of the nodesis the sink)
hop count based zeroing in attacks12
Hop-count-based Zeroing-In attacks
  • Distribution of α
    • LetLij be the line segmentthatconnectsnode i and nodej
    • letpk be the projection of the k-th link ontoLij.
    • For a random pair of nodes i and j :
    • θkis the angle betweenthe line Lkk+1 and Lij, θk
    • Ikis the ID of the k-thnode on the shortestpath from nodes i to j
hop count based zeroing in attacks13
Hop-count-based Zeroing-In attacks
  • Distribution of α
    • We can predict the distribution of a as a normal distribution according to the Central Limit Theorem (CLT)
    • We carried out experiments using Castalia. We studied the hop size distribution in two node densities, e.g., 400 and 900 nodes in a 200 X 200 m square, respectively.
    • For each node density, we created 25 network topologies, and chose several random pairs in each topology to calculate the hop sizes.
hop count based zeroing in attacks14
Hop-count-based Zeroing-In attacks
  • In total, we calculated hop sizes between more than 10,000 pairs and displayed the experiment results :
  • Bell-like shape
  • Approximate normal distributions
  • The variance of the estimated hop sizes decreases when the hop count between the random node pair increases.
hop count based zeroing in attacks15
Hop-count-based Zeroing-In attacks
  • Determine the sink location
    • To launch the hop- count-based Zeroing-In attack in two steps:
      • Sampling step.
      • Zeroing-In step.
hop count based zeroing in attacks16
Hop-count-based Zeroing-In attacks
  • Determine the sink location
    • 1.Sampling step –
    • obtain , where hi is the hop count and â is the estimated hop size between the i-th adversary and the sink.
    • To estimate â ; each adversary floods a message to all other adversaries and get the hop counts between them. The â is calculated as the average hop size between i-th adversary and all other adversaries:
hop count based zeroing in attacks17
Hop-count-based Zeroing-In attacks
  • Determine the sink location
    • 2.Zeroing-In step –After obtaining m observations
    • We determine the position (xs, ys) of the sink by searching for minimizing the estimation error :
hop count based zeroing in attacks18
Hop-count-based Zeroing-In attacks
  • Determine the sink location
    • We use least squares (LS) to solve Eq. 4.
    • We start with m equations:
hop count based zeroing in attacks19
Hop-count-based Zeroing-In attacks
  • Determine the sink location
    • Assume that , subtractequation from both sides of the first m - 1 equations, we can write the derived set of linear equations in the form of Az = b with :
hop count based zeroing in attacks20
Hop-count-based Zeroing-In attacks
  • Determine the sink location
    • The least squares solution of for Eq. 5 can be calculated by
    • b^ is the estimation.
hop count based zeroing in attacks21
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • (1) Whether their sample locations have impacts on the estimation errors of the sink location
    • (2) What the best strategies is to position the attackers so that the estimation errors can be reduced.
    • We assume that the attackers are aware of the deployment region without knowing the sink location.
hop count based zeroing in attacks22
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • Based on Eq. 6, the sink location estimation error is bounded by
    • Matrix A+is the Moore-Penrose pseudo-inverse of A
    • eb = - b.(b is the true distance vector, and b^ is the estimated distance vector. )
    • Thus, two factors affect the sink location estimation errors: A+and eb. We now examine each factor.
hop count based zeroing in attacks23
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • e
    • We denote as the true hop size between the i-th adversary and the sink
    • âas the estimated hop size using Eq. 3.
hop count based zeroing in attacks24
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • The expected estimation error of is bounded by
hop count based zeroing in attacks25
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • We plug the above equation into eb, and apply the assumption :
    • The expected eb is
hop count based zeroing in attacks26
Hop-count-based Zeroing-In attacks
  • Adversary placement
      • It is extremely difficult, if possible, to find a numerical solution of the global optimal adversary placement that minimizes the upper bound of E(eb).
    • To decrease the upper bound of E(eb), two heuristics can be applied:
      • The adversaries should be placed further apart from each other to increase
      • They should be place close to the sink to decrease hi.
hop count based zeroing in attacks27
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • To leverage the concept of Voronoi diagram.
    • Given adversaries’ location Z = {zi} i=1...m, we can get the Voronoi diagram of Z, Vor(Z),
    • : the subdivision of the network S into m cells ,one for each adversary
hop count based zeroing in attacks28
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • Define the maximum span of a cell as :
    • We aim to find a near-optimal placement for the adversaries such that dmin is bounded from above,that is, the maximum value of among all cells should be minimized.
hop count based zeroing in attacks29
Hop-count-based Zeroing-In attacks
  • Adversary placement
    • We found that the near-optimal placement for Eq. 8 follows simple symmetric patterns. We choose to show two layouts of adversaries that we will use in our experiment in Fig. 4, e.g., 5 and 8 adversary cases.
hop count based zeroing in attacks30
Hop-count-based Zeroing-In attacks
  • Adversary placement
  • A+ is a matrix determined only by the coordinates of adversaries and the results presented by Chen et al. show the pattern of m points that minimize ||A+||.
  • It turns out that their optimal patterns coincide with the near-optimal placements displayed in Fig. 4.
hop count based zeroing in attacks31
Hop-count-based Zeroing-In attacks
  • Least squares without flooding
    • In case that the adversaries cannot flood the network to estimate the hop sizes, they can estimate the sink location directly by treating hop sizes as an unknown variable e.g.,
hop count based zeroing in attacks32
Hop-count-based Zeroing-In attacks
  • Least squares without flooding
      • We re-organize Eq. 5 and write them in the form of Az=b, we have :
hop count based zeroing in attacks33
Hop-count-based Zeroing-In attacks
  • Least squares without flooding
    • Similarly, the least squares solution can be calculated by :
    • Each adversary only needs to obtain its location and the hop count associated at it to calculate A and b for sink location determination.
agenda5
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
time of arrival based zeroing in attacks
Time-of-arrival based Zeroing-In attacks
  • This ToA-based Zeroing-In attack can be used when entire packets are encrypted, and the hop count is not accessible to the adversaries.
  • Instead, adversaries can only distinguish whether two received packets are the same and witness the arrival times of packets.
time of arrival based zeroing in attacks1
Time-of-arrival based Zeroing-In attacks
  • The attack starts with m adversaries placing themselves across the network. When the sink broadcasts a controlling message at t0, the message floods throughout the network.
  • When the i-th adversary overhears the message at ti, she records the packet arrival time as ti.
  • In total, m adversaries record m data samples and collectively identify the sink location.
time of arrival based zeroing in attacks2
Time-of-arrival based Zeroing-In attacks
  • We start by assuming that messages travel in the network at a constant speed
  • Then we have m equations:
time of arrival based zeroing in attacks3
Time-of-arrival based Zeroing-In attacks
  • Eliminating the quadratic components, we can get

Az= b with:

time of arrival based zeroing in attacks4
Time-of-arrival based Zeroing-In attacks
  • To estimate the distribution of packet travel speeds s, we studied the communication in a 400-node network and a 900- node network, both deployed in the 200 x 200 m area.
  • Despite the fact that s cannot be negative, the distribution of s approximates a normal distribution N(μs,σs2 ) with N(42.90, 24.22) for the 400-node density and N(43.56, 14.40) for the 900-node case.
time of arrival based zeroing in attacks5
Time-of-arrival based Zeroing-In attacks
  • Thus, the adversaries can determine the sink location by
agenda6
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
evaluate the effectiveness of zeroing in attacks
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
  • Experiment results
    • The location of the sink
    • The network size and the number of adversaries
    • The node density
    • The attack algorithms
    • The adversary placement
evaluate the effectiveness of zeroing in attacks1
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
    • 1. Estimation accuracy
      • It indicates how well the adversaries estimate the sink location on average.
      • We define estimation accuracy as the mean error:
    • 2. Attack stability
      • It is the standard deviation of the estimation errors
evaluate the effectiveness of zeroing in attacks2
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
    • 3. Attack cost
      • It measures how much resource in terms of the number of adversaries is used.
      • Consider the extreme case where a global adversary is involved.(eavesdrops the entire network )
      • The adversary’s antenna has similar sensitivity as the one on a network node.
      • The minimum number of observation points required for a global adversary is approximately :
      • Adversaries can identify the location of the sink using a much smaller number than by performing a Zeroing-In attack.
evaluate the effectiveness of zeroing in attacks3
Evaluate the effectiveness of Zeroing-In attacks
  • Experiment results
    • We evaluated the performance of Zeroing-In attacks using Castalia 2.1b, an OMNeT++-based simulator for wireless sensor networks.
    • Given that the average node transmission range is 18m, we divided the square network area into 10 *10m grids, and placed one node randomly inside each grid.
    • We repeated our experiments in 1000 different network topologies for each factor which will affect the Zeroing-In attack performance.
evaluate the effectiveness of zeroing in attacks4
Evaluate the effectiveness of Zeroing-In attacks
  • Experiment results
    • We studied three attack strategies:
    • (1) Hop-LS, the hop-count-based Zeroing-In attack involving flooding to estimate the hop size
    • (2) Hop-LS-NF, the hop-count-based attack that treats the hop size as a variable and does not flood the network
    • (3) ToA, the time-of-arrival-based Zeroing-In attack.
evaluate the effectiveness of zeroing in attacks5
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
  • Experiment results
    • The location of the sink
    • The network size and the number of adversaries
    • The node density
    • The attack algorithms
    • The adversary placement
evaluate the effectiveness of zeroing in attacks6
Evaluate the effectiveness of Zeroing-In attacks
  • The location of the sink
    • We studied the impact of the sink location to the attack performance by considering two cases: the center case and the corner case
    • The ρein the corner case is approximately twice as the one in the center case. (The correlations among measured network metric leads to that the measurements get biased.)
evaluate the effectiveness of zeroing in attacks7
Evaluate the effectiveness of Zeroing-In attacks
  • The location of the sink
    • Thus, we randomly placed the sink anywhere inside the network region.
evaluate the effectiveness of zeroing in attacks8
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
  • Experiment results
    • The location of the sink
    • The network size and the number of adversaries
    • The node density
    • The attack algorithms
    • The adversary placement
evaluate the effectiveness of zeroing in attacks9
Evaluate the effectiveness of Zeroing-In attacks
  • The network size and the number of adversaries
    • This set of experiments aim at answering two important questions:
    • Does increasing the network size help to hide the location of the sink?
    • (2) Does increasing the number of adversaries always yield a better estimation of the sink location?
    • We studied the attack performance in three network sizes where {100, 400, 900} nodes were placed in a {100 x 100, 200 x 200, 300 x300} square, respectively.
evaluate the effectiveness of zeroing in attacks10
Evaluate the effectiveness of Zeroing-In attacks
  • The network size and the number of adversaries
    • Network size has little impact on both the mean error and the standard deviation of the attacks.
evaluate the effectiveness of zeroing in attacks11
Evaluate the effectiveness of Zeroing-In attacks
  • The network size and the number of adversaries
    • For the Hop-LS attack :
    • The mean errors decrease first, and increase when more than 5 adversaries are involved.
    • To launch Hop-LS attack: 5 adversaries provide a good trade-off between mean error and attack cost.
evaluate the effectiveness of zeroing in attacks12
Evaluate the effectiveness of Zeroing-In attacks
  • The network size and the number of adversaries
    • For the ToA attack :
    • As the number of adversary increases, the mean error and standard deviation of ToA attacks diminish monotonically.
    • Increasing the number of adversaries improves the ToA attack accuracy.
    • Hop-LS- NF attack is similar to the ToA attack.
evaluate the effectiveness of zeroing in attacks13
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
  • Experiment results
    • The location of the sink
    • The network size and the number of adversaries
    • The node density
    • The attack algorithms
    • The adversary placement
evaluate the effectiveness of zeroing in attacks14
Evaluate the effectiveness of Zeroing-In attacks
  • The node density
    • We are interested in whether increasing the number of network nodes in an area of the same size can provide a better privacy for the sink location.
    • We depicted the attack performance in two node density configurations, e.g., 400 nodes and 900 nodes in a 200 x 200 m square, in Fig. 8.
evaluate the effectiveness of zeroing in attacks15
Evaluate the effectiveness of Zeroing-In attacks
  • The node density
    • Increasing the node density will help the adversaries to determine the sink location using any of the Zeroing-In attacks.
    • E(es) is proportional to the variance of network metrics. The variance of hop size and packet travel speed in higher network density are smaller (as shown in our simulation), and thus it leads to smaller ρe.
evaluate the effectiveness of zeroing in attacks16
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
  • Experiment results
    • The location of the sink
    • The network size and the number of adversaries
    • The node density
    • The attack algorithms
    • The adversary placement
evaluate the effectiveness of zeroing in attacks17
Evaluate the effectiveness of Zeroing-In attacks
  • The attack algorithms
    • In cases when adversaries are able to obtain hop counts and flood the network to estimate the hop size, all the three types of attacks are feasible.
    • When more than 10 adversaries are involved in ToA, they can achieve higher attack performance than the Hop-LS.
    • On average the estimation error is close to one radio range.
evaluate the effectiveness of zeroing in attacks18
Evaluate the effectiveness of Zeroing-In attacks
  • The attack algorithms
    • Thus, if the hop count information is available to the adversaries, Hop-count-based attacks should be used.
    • In cases when at most 6 adversaries are available, they shall determine the sink location via Hop-LS strategies. Otherwise, Hop-LS-NF is preferred.
evaluate the effectiveness of zeroing in attacks19
Evaluate the effectiveness of Zeroing-In attacks
  • Evaluation metrics
  • Experiment results
    • The location of the sink
    • The network size and the number of adversaries
    • The node density
    • The attack algorithms
    • The adversary placement
evaluate the effectiveness of zeroing in attacks20
Evaluate the effectiveness of Zeroing-In attacks
  • The adversary placement
    • Fig. 10 shows that the near optimal pattern improves the attack accuracy in all three scenarios: 5 adversaries launching Hop-LS attack, 8 adver- saries launching Hop-LS attacks or ToA attacks.
agenda7
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
cope with zeroing in attack
Cope with Zeroing-In attack
  • We will focus on coping with ToA-based Zeroing-In attack since the hop-count-based Zeroing-In attacks can be addressed by hiding the node’s hop count in the routing announcement.
  • Approaches:
    • Random buffering
    • Directed walk
cope with zeroing in attack1
Cope with Zeroing-In attack
  • Random buffering
  • One natural defense strategy is to have every node buffer a flooding message for a random amount of time before forwarding it to the next hop
  • We can add a normal delay at each node.
  • however, It does not change the statistical relationship between the packets’ end-to-end travel time Ti and the location of a node zi,
cope with zeroing in attack2
Cope with Zeroing-In attack
  • Directed walk
    • To alter the relationship between Ti and zi, the sink can unicast the message Mf to a designated node nds located many hops away.
    • Once nds receives Mf ; it will start the flooding. The challenge of this method involves choosing nds and finding the route to ndsbecause The routing protocols in sensor networks aim at facilitating reporting data to the sink in a multi-hop fashion.
cope with zeroing in attack3
Cope with Zeroing-In attack
  • Directed walk
    • When the sink creates a flooding message, Mf ; it sets a counter hTTL in the message header to indicate how many hops away nds is located.
    • Then the sink unicasts Mf to one of its children ni. After ni receives Mf ; it first decreases the hTTL by one. If the hTTL equals 0 then ni starts to flood the message Mf : Otherwise, ni sends Mf to one of its children. This process repeats until the hTTL in Mf is reduced to zero.
cope with zeroing in attack4
Cope with Zeroing-In attack
  • Experiment evaluation
    • Directed walk of 8 hops can consistently deceive the adversaries into thinking the sink is 100 meters away from its true location.
    • Figure 11c shows that the level of protection for the sink location grows linearly when the number of hops of the designated nodes increases.
agenda8
Agenda
  • Introduction
  • System model
  • Zeroing-In attack overview
  • Hop-count-based Zeroing-In attacks
  • Time-of-arrival based Zeroing-In attacks
  • Evaluate the effectiveness of Zeroing-In attacks
  • Cope with Zeroing-In attacks
  • Concluding remarks
concluding remarks
Concluding remarks
  • In this paper, we have studied the sink location privacy problem from both the attack and the defense sides.
  • Leveraging these 2D functions to launch Zeroing-In attack (the network metrics are either minimized or maximized at the sink)
  • The Zeroing-In attacks that utilize hop counts and the packet Time-of-Arrival (ToA).
concluding remarks1
Concluding remarks
  • From the attackers’ point of view:
    • Our experiment results show that both hop-count-based attacks and ToA-based attacks can localize the sink at the accuracy level of one radio range, which is accurate enough for performing a jamming attack to disable the communication of the sink.
    • Our extensive analysis of Zeroing- In attacks shows that increasing the network size or network density cannot reduce the accuracy of the attacks.
concluding remarks2
Concluding remarks
  • From the defenders’ point of view:
    • To prevent hop-count-based attacks, one has to encrypt the routing announcements containing hop counts.
    • To address ToA-based attacks, we presented a directed-walk-based defense strategy, whereby the sink unicasts the message to a designated node nds and has nds initiate the flooding.