- By
**arnie** - Follow User

- 131 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'Adviser: Frank,Yeong -Sung Lin Present by Chris Chang' - arnie

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Determining sink location through Zeroing-In attackers in wireless sensor networksZhenhua Liu • WenyuanXu

AgendaAgendaAgendaAgendaEvaluate the effectiveness of Zeroing-In attacks Evaluate the effectiveness of Zeroing-In attacks Evaluate the effectiveness of Zeroing-In attacks AgendaAgenda

Adviser: Frank,Yeong-Sung Lin

Present by Chris Chang

Agenda

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Agenda

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Introduction

- Wireless sensor networks (WSNs) have been deployed for a wide variety of applications:
- Animal habitat monitoring
- Critical infrastructure monitoring
- Target tracking
- Battle field surveillance

Introduction

- Typically, those wireless sensor networks consist of :
- Alarge collection of low power and resource-constrained sensor nodes that monitor the underlying physical phenomena.
- A small set of base stations, aka. sinks, that collect sensor measurements in a multi-hop fashion.

Introduction

- A many-to-one communication pattern lead to the fact that adversaries can easily leverage the sink location information to launch a series of attacks interrupting the network communication.
- After obtaining the sink location information…
- Adversary can destroy the sinks physically by human intervention, such as hammering them.
- This pattern also makes sinks the ideal spots to sniff packets for off-line analysis or the initial points to launch attacks.

Introduction

- In this paper , we focus on studying the sink location privacy issue.
- Several attacks have been proposed to determine the locations of sinks:
- trace-back attacks
- traffic analysis attacks

Introduction

- Most of them assume resource-intensive adversaries:
- Some require the adversary to equip with special radio devices that can measure the angle of arrival
- Some require the adversary to have a global view by deploying its own sensors throughout the network

Introduction

- In this paper, we focus on studying the sink location privacy problem in the presence of budget adversaries.
- We assume that budget adversaries do not have specialized radio devices, nor are they able to monitor the entire networks simultaneously.

Introduction

- Several network metrics are two dimensional (2D) functions of locations in the network, and their values either maximize or minimize at the sink.

Introduction

- From the attackers’ point of view:
- A few resource-constrained attackers can launch Zeroing-In attacks, whereby each of them samples her local network metric and collectively they can derive the locations of the sinks by combining their measurements.

Introduction

- From the defenders’ point of view:
- The network should design a routing protocol that can break the correlation between the network metric extreme value.
- Due to highly constrained resources(wireless network), we design a light-weighted routing protocol to cope with Zeroing-In attacks.

Agenda

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

System model

- Network model
- Adversary model

System model (Network model)

- Many-to-one data dissemination:
- The sensor network utilizing the popular many-to-one data dissemination methods, whereby the sink is connected to a large portion of the sensor nodes.
- Without loss of generality, we assume that there is only one sink in the network. (our work can also be applied to networks with multiple sinks local extrema

System model (Network model)

- Tree-based routing schemes:
- We focus on tree-based routing schemes, a popular family of routing protocols whereby the network establishes and maintains a forwarding tree rooted at the sink.
- This forwarding tree is often built with the assistance of hop counts, i.e., the number of hops from the sink.

System model (Network model)

- Broadcast enabled:
- We assume that the sink will flood the network with controlling commands or query requests from time to time.
- Homogeneous networks:
- Finally, each node uses the same type of hardware platform and sends messages at the same transmission power level. As a result, they have a similar radio range.

System model (Adversary model)

- Eavesdrop-enabled:
- Adversaries have the same radio devices as network nodes for eavesdropping.
- Although the adversaries are unable to decipher packet contents, they are able to record the time that they witness a packet.
- Resource-limited:
- Adversaries are not equipped with specialized radio devices, such as spectrum analyzers or super sensitive antenna arrays.
- Adversaries cannot afford to deploy their own sensor network to monitor the entire network

System model (Adversary model)

- Able to collude:
- Multiple adversaries are available.
- They collude with each other to infer the location of the sink by sharing their local views
- Location-aware:
- Each adversary is able to determine its own location.
- Protocol-aware:
- Adversaries know the networking and privacy-related protocols used in the sensor networks.

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Zeroing-In attack overview

- In this section, we overview the proposed ‘‘Zeroing-In’’ attacks.
- Several metrics in a sensor network are functions of locations. Typically, moving towards the sink either increases the values of those network metrics or decreases them monotonically.

Zeroing-In attack overview

- For instance :
- Hop count : is the smallest number of intermediate nodes a packet has to traverse in order to reach the sink. The hop count associated with a network node decreases as the node becomes closer to the sink, and it becomes zero at the sink.
- Traffic rate :is the number of packet transmissions in a unit time in a region. It increases as the distance to the sink decreases and reaches maxima at the sink.

Zeroing-In attack overview

- Thus, from the attackers’ point of view, the problem of determining sink location becomes a problem of finding the extremum (maximum or minimum) of those functions.
- Without loss of generality, in this paper, we focus on network metrics that minimize at the sink.

Zeroing-In attack overview

- To identify the position of the sink leveraging 2D models of the network metrics, ‘‘Zeroing-In’’ attacks consist of two steps:
- Sampling step.
- Zeroing-In step.

Zeroing-In attack overview

- Sampling step:
- madversaries place themselves in an area S within which the network is deployed.
- The coordinates of the i-th adversary as zi = (xi, yi), and the i-th observation as a tuple (xi, yi, hi), where hi is a network metric.
- The network metric hi is either the hop count or the arrival time of a packet at (xi, yi).

Zeroing-In attack overview

- Zeroing-In step:
- Goal : Identify the position of the sink.
- Adversaries first determine the 2D network metric function h = f(x, y) by analyzing m observations：
- Find the sink location zs = (xs, ys) as the point where f(x, y) reaches the minimum :

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Hop-count-based Zeroing-In attacks

- Assumption:
- We consider the adversaries that can acquire the hop count of any node in the network but is limited to acquiring the hop count at one location once.
- We assume that adversaries can inject broadcast packets to the network to estimate the hop count between them.

Hop-count-based Zeroing-In attacks

- To illustrate the attacks, we start by providing a brief description on the tree-based routing protocol that is implemented in TinyOS 1.x, an operating system for sensor networks.

Hop-count-based Zeroing-In attacks

- Tree-based routing protocol :
- Eventually a shortest-path-based routing tree is formed with the sink node serving as the root of the tree.
- To build the routing tree, each node selects its routing parent as the neighbor that contains the smallest hop count, and then it announces its hop count, which is one greater than its parent’s.
- To make the underlying routing tree adaptive to topology changes, nodes periodically broadcast routing announcements, which include the ID of the origin and the hop count in plaintext.

Hop-count-based Zeroing-In attacks

- Model hop counts and hop sizes
- Distribution of α
- Determine the sink location
- Adversary placement
- Least squares without flooding

Hop-count-based Zeroing-In attacks

- Model hop counts and hop sizes
- In this section, we analyze hop counts as a function of locations, e.g., h = f(x, y).
- A node’s hop count h depends on many factors, including its own location, the sink location, the positions of other nodes located towards the sink, the irregular radio range of each node, etc.

Hop-count-based Zeroing-In attacks

- Model hop counts and hop sizes
- Grid-based coverage model for WSNs.
- In particular, the network deployment region S is divided into equal-sized small grids, and each grid contains at least one randomly positioned network node.

Hop-count-based Zeroing-In attacks

- Thus, we can model hop counts as :
- αis hop size, a coefficient describing the relationship between hop counts and distances.
- If αis a known constant, then we can find (xs, ys) by searching for the root of the following questions :

Hop-count-based Zeroing-In attacks

- Most contours are roughly concentric, but some small contours exist between two neighboring ones.

Hop-count-based Zeroing-In attacks

- As a result, it takes an extra hop for the node within that fading dip region to reach the sink, and its hop size to the sink is smaller than its neighbors’. Therefore, hop sizes exhibit irregularity, as well.

Hop-count-based Zeroing-In attacks

- Model hop counts and hop sizes
- Being a variable, the distribution of αdetermines the accuracy of estimating hop counts using Eq. 1 and affects the feasibility of the Zeroing-In attacks.
- If αhas a small variance and can be estimated, then the sink location can be considered as the point that minimizes the estimation errors using the estimation â :

Hop-count-based Zeroing-In attacks

- Distribution of α
- We denote the hop size between nodes i and j as,
- hijis the hop count between them.
- αis= αi (omit the subindexswhenone of the nodesis the sink)

Hop-count-based Zeroing-In attacks

- Distribution of α
- LetLij be the line segmentthatconnectsnode i and nodej
- letpk be the projection of the k-th link ontoLij.
- For a random pair of nodes i and j :
- θkis the angle betweenthe line Lkk+1 and Lij, θk
- Ikis the ID of the k-thnode on the shortestpath from nodes i to j

Hop-count-based Zeroing-In attacks

- Distribution of α
- We can predict the distribution of a as a normal distribution according to the Central Limit Theorem (CLT)
- We carried out experiments using Castalia. We studied the hop size distribution in two node densities, e.g., 400 and 900 nodes in a 200 X 200 m square, respectively.
- For each node density, we created 25 network topologies, and chose several random pairs in each topology to calculate the hop sizes.

Hop-count-based Zeroing-In attacks

- In total, we calculated hop sizes between more than 10,000 pairs and displayed the experiment results :
- Bell-like shape
- Approximate normal distributions
- The variance of the estimated hop sizes decreases when the hop count between the random node pair increases.

Hop-count-based Zeroing-In attacks

- Determine the sink location
- To launch the hop- count-based Zeroing-In attack in two steps:
- Sampling step.
- Zeroing-In step.

Hop-count-based Zeroing-In attacks

- Determine the sink location
- 1.Sampling step –
- obtain , where hi is the hop count and â is the estimated hop size between the i-th adversary and the sink.
- To estimate â ; each adversary floods a message to all other adversaries and get the hop counts between them. The â is calculated as the average hop size between i-th adversary and all other adversaries:

Hop-count-based Zeroing-In attacks

- Determine the sink location
- 2.Zeroing-In step –After obtaining m observations
- We determine the position (xs, ys) of the sink by searching for minimizing the estimation error :

Hop-count-based Zeroing-In attacks

- Determine the sink location
- We use least squares (LS) to solve Eq. 4.
- We start with m equations:

Hop-count-based Zeroing-In attacks

- Determine the sink location
- Assume that , subtractequation from both sides of the first m - 1 equations, we can write the derived set of linear equations in the form of Az = b with :

Hop-count-based Zeroing-In attacks

- Determine the sink location
- The least squares solution of for Eq. 5 can be calculated by
- b^ is the estimation.

Hop-count-based Zeroing-In attacks

- Adversary placement
- (1) Whether their sample locations have impacts on the estimation errors of the sink location
- (2) What the best strategies is to position the attackers so that the estimation errors can be reduced.
- We assume that the attackers are aware of the deployment region without knowing the sink location.

Hop-count-based Zeroing-In attacks

- Adversary placement
- Based on Eq. 6, the sink location estimation error is bounded by
- Matrix A+is the Moore-Penrose pseudo-inverse of A
- eb = - b.(b is the true distance vector, and b^ is the estimated distance vector. )
- Thus, two factors affect the sink location estimation errors: A+and eb. We now examine each factor.

Hop-count-based Zeroing-In attacks

- Adversary placement
- e
- We denote as the true hop size between the i-th adversary and the sink
- âas the estimated hop size using Eq. 3.

Hop-count-based Zeroing-In attacks

- Adversary placement
- The expected estimation error of is bounded by

Hop-count-based Zeroing-In attacks

- Adversary placement
- We plug the above equation into eb, and apply the assumption :
- The expected eb is

Hop-count-based Zeroing-In attacks

- Adversary placement
- It is extremely difficult, if possible, to find a numerical solution of the global optimal adversary placement that minimizes the upper bound of E(eb).
- To decrease the upper bound of E(eb), two heuristics can be applied:
- The adversaries should be placed further apart from each other to increase
- They should be place close to the sink to decrease hi.

Hop-count-based Zeroing-In attacks

- Adversary placement
- To leverage the concept of Voronoi diagram.
- Given adversaries’ location Z = {zi} i=1...m, we can get the Voronoi diagram of Z, Vor(Z),
- : the subdivision of the network S into m cells ,one for each adversary

Hop-count-based Zeroing-In attacks

- Adversary placement
- Define the maximum span of a cell as :
- We aim to find a near-optimal placement for the adversaries such that dmin is bounded from above,that is, the maximum value of among all cells should be minimized.

Hop-count-based Zeroing-In attacks

- Adversary placement
- We found that the near-optimal placement for Eq. 8 follows simple symmetric patterns. We choose to show two layouts of adversaries that we will use in our experiment in Fig. 4, e.g., 5 and 8 adversary cases.

Hop-count-based Zeroing-In attacks

- Adversary placement
- A+ is a matrix determined only by the coordinates of adversaries and the results presented by Chen et al. show the pattern of m points that minimize ||A+||.
- It turns out that their optimal patterns coincide with the near-optimal placements displayed in Fig. 4.

Hop-count-based Zeroing-In attacks

- Least squares without flooding
- In case that the adversaries cannot flood the network to estimate the hop sizes, they can estimate the sink location directly by treating hop sizes as an unknown variable e.g.,

Hop-count-based Zeroing-In attacks

- Least squares without flooding
- We re-organize Eq. 5 and write them in the form of Az=b, we have :

Hop-count-based Zeroing-In attacks

- Least squares without flooding
- Similarly, the least squares solution can be calculated by :
- Each adversary only needs to obtain its location and the hop count associated at it to calculate A and b for sink location determination.

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Time-of-arrival based Zeroing-In attacks

- This ToA-based Zeroing-In attack can be used when entire packets are encrypted, and the hop count is not accessible to the adversaries.
- Instead, adversaries can only distinguish whether two received packets are the same and witness the arrival times of packets.

Time-of-arrival based Zeroing-In attacks

- The attack starts with m adversaries placing themselves across the network. When the sink broadcasts a controlling message at t0, the message floods throughout the network.
- When the i-th adversary overhears the message at ti, she records the packet arrival time as ti.
- In total, m adversaries record m data samples and collectively identify the sink location.

Time-of-arrival based Zeroing-In attacks

- We start by assuming that messages travel in the network at a constant speed
- Then we have m equations:

Time-of-arrival based Zeroing-In attacks

- Eliminating the quadratic components, we can get

Az= b with:

Time-of-arrival based Zeroing-In attacks

- To estimate the distribution of packet travel speeds s, we studied the communication in a 400-node network and a 900- node network, both deployed in the 200 x 200 m area.
- Despite the fact that s cannot be negative, the distribution of s approximates a normal distribution N(μs,σs2 ) with N(42.90, 24.22) for the 400-node density and N(43.56, 14.40) for the 900-node case.

Time-of-arrival based Zeroing-In attacks

- Thus, the adversaries can determine the sink location by

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Evaluate the effectiveness of Zeroing-In attacks

- Evaluation metrics
- Experiment results
- The location of the sink
- The network size and the number of adversaries
- The node density
- The attack algorithms
- The adversary placement

Evaluate the effectiveness of Zeroing-In attacks

- Evaluation metrics
- 1. Estimation accuracy
- It indicates how well the adversaries estimate the sink location on average.
- We define estimation accuracy as the mean error:
- 2. Attack stability
- It is the standard deviation of the estimation errors

Evaluate the effectiveness of Zeroing-In attacks

- Evaluation metrics
- 3. Attack cost
- It measures how much resource in terms of the number of adversaries is used.
- Consider the extreme case where a global adversary is involved.(eavesdrops the entire network )
- The adversary’s antenna has similar sensitivity as the one on a network node.
- The minimum number of observation points required for a global adversary is approximately :
- Adversaries can identify the location of the sink using a much smaller number than by performing a Zeroing-In attack.

Evaluate the effectiveness of Zeroing-In attacks

- Experiment results
- We evaluated the performance of Zeroing-In attacks using Castalia 2.1b, an OMNeT++-based simulator for wireless sensor networks.
- Given that the average node transmission range is 18m, we divided the square network area into 10 *10m grids, and placed one node randomly inside each grid.
- We repeated our experiments in 1000 different network topologies for each factor which will affect the Zeroing-In attack performance.

Evaluate the effectiveness of Zeroing-In attacks

- Experiment results
- We studied three attack strategies:
- (1) Hop-LS, the hop-count-based Zeroing-In attack involving flooding to estimate the hop size
- (2) Hop-LS-NF, the hop-count-based attack that treats the hop size as a variable and does not flood the network
- (3) ToA, the time-of-arrival-based Zeroing-In attack.

Evaluate the effectiveness of Zeroing-In attacks

- Evaluation metrics
- Experiment results
- The location of the sink
- The network size and the number of adversaries
- The node density
- The attack algorithms
- The adversary placement

Evaluate the effectiveness of Zeroing-In attacks

- The location of the sink
- We studied the impact of the sink location to the attack performance by considering two cases: the center case and the corner case
- The ρein the corner case is approximately twice as the one in the center case. (The correlations among measured network metric leads to that the measurements get biased.)

Evaluate the effectiveness of Zeroing-In attacks

- The location of the sink
- Thus, we randomly placed the sink anywhere inside the network region.

Evaluate the effectiveness of Zeroing-In attacks

- Evaluation metrics
- Experiment results
- The location of the sink
- The network size and the number of adversaries
- The node density
- The attack algorithms
- The adversary placement

Evaluate the effectiveness of Zeroing-In attacks

- The network size and the number of adversaries
- This set of experiments aim at answering two important questions:
- Does increasing the network size help to hide the location of the sink?
- (2) Does increasing the number of adversaries always yield a better estimation of the sink location?
- We studied the attack performance in three network sizes where {100, 400, 900} nodes were placed in a {100 x 100, 200 x 200, 300 x300} square, respectively.

Evaluate the effectiveness of Zeroing-In attacks

- The network size and the number of adversaries
- Network size has little impact on both the mean error and the standard deviation of the attacks.

Evaluate the effectiveness of Zeroing-In attacks

- The network size and the number of adversaries
- For the Hop-LS attack :
- The mean errors decrease first, and increase when more than 5 adversaries are involved.
- To launch Hop-LS attack: 5 adversaries provide a good trade-off between mean error and attack cost.

Evaluate the effectiveness of Zeroing-In attacks

- The network size and the number of adversaries
- For the ToA attack :
- As the number of adversary increases, the mean error and standard deviation of ToA attacks diminish monotonically.
- Increasing the number of adversaries improves the ToA attack accuracy.
- Hop-LS- NF attack is similar to the ToA attack.

- Evaluation metrics
- Experiment results
- The location of the sink
- The network size and the number of adversaries
- The node density
- The attack algorithms
- The adversary placement

Evaluate the effectiveness of Zeroing-In attacks

- The node density
- We are interested in whether increasing the number of network nodes in an area of the same size can provide a better privacy for the sink location.
- We depicted the attack performance in two node density configurations, e.g., 400 nodes and 900 nodes in a 200 x 200 m square, in Fig. 8.

Evaluate the effectiveness of Zeroing-In attacks

- The node density
- Increasing the node density will help the adversaries to determine the sink location using any of the Zeroing-In attacks.
- E(es) is proportional to the variance of network metrics. The variance of hop size and packet travel speed in higher network density are smaller (as shown in our simulation), and thus it leads to smaller ρe.

- Evaluation metrics
- Experiment results
- The location of the sink
- The network size and the number of adversaries
- The node density
- The attack algorithms
- The adversary placement

Evaluate the effectiveness of Zeroing-In attacks

- The attack algorithms
- In cases when adversaries are able to obtain hop counts and flood the network to estimate the hop size, all the three types of attacks are feasible.
- When more than 10 adversaries are involved in ToA, they can achieve higher attack performance than the Hop-LS.
- On average the estimation error is close to one radio range.

Evaluate the effectiveness of Zeroing-In attacks

- The attack algorithms
- Thus, if the hop count information is available to the adversaries, Hop-count-based attacks should be used.
- In cases when at most 6 adversaries are available, they shall determine the sink location via Hop-LS strategies. Otherwise, Hop-LS-NF is preferred.

- Evaluation metrics
- Experiment results
- The location of the sink
- The network size and the number of adversaries
- The node density
- The attack algorithms
- The adversary placement

Evaluate the effectiveness of Zeroing-In attacks

- The adversary placement
- Fig. 10 shows that the near optimal pattern improves the attack accuracy in all three scenarios: 5 adversaries launching Hop-LS attack, 8 adver- saries launching Hop-LS attacks or ToA attacks.

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Cope with Zeroing-In attack

- We will focus on coping with ToA-based Zeroing-In attack since the hop-count-based Zeroing-In attacks can be addressed by hiding the node’s hop count in the routing announcement.
- Approaches:
- Random buffering
- Directed walk

Cope with Zeroing-In attack

- Random buffering
- One natural defense strategy is to have every node buffer a flooding message for a random amount of time before forwarding it to the next hop
- We can add a normal delay at each node.
- however, It does not change the statistical relationship between the packets’ end-to-end travel time Ti and the location of a node zi,

Cope with Zeroing-In attack

- Directed walk
- To alter the relationship between Ti and zi, the sink can unicast the message Mf to a designated node nds located many hops away.
- Once nds receives Mf ; it will start the flooding. The challenge of this method involves choosing nds and finding the route to ndsbecause The routing protocols in sensor networks aim at facilitating reporting data to the sink in a multi-hop fashion.

Cope with Zeroing-In attack

- Directed walk
- When the sink creates a flooding message, Mf ; it sets a counter hTTL in the message header to indicate how many hops away nds is located.
- Then the sink unicasts Mf to one of its children ni. After ni receives Mf ; it first decreases the hTTL by one. If the hTTL equals 0 then ni starts to flood the message Mf : Otherwise, ni sends Mf to one of its children. This process repeats until the hTTL in Mf is reduced to zero.

Cope with Zeroing-In attack

- Experiment evaluation
- Directed walk of 8 hops can consistently deceive the adversaries into thinking the sink is 100 meters away from its true location.
- Figure 11c shows that the level of protection for the sink location grows linearly when the number of hops of the designated nodes increases.

- Introduction
- System model
- Zeroing-In attack overview
- Hop-count-based Zeroing-In attacks
- Time-of-arrival based Zeroing-In attacks
- Evaluate the effectiveness of Zeroing-In attacks
- Cope with Zeroing-In attacks
- Concluding remarks

Concluding remarks

- In this paper, we have studied the sink location privacy problem from both the attack and the defense sides.
- Leveraging these 2D functions to launch Zeroing-In attack (the network metrics are either minimized or maximized at the sink)
- The Zeroing-In attacks that utilize hop counts and the packet Time-of-Arrival (ToA).

Concluding remarks

- From the attackers’ point of view:
- Our experiment results show that both hop-count-based attacks and ToA-based attacks can localize the sink at the accuracy level of one radio range, which is accurate enough for performing a jamming attack to disable the communication of the sink.
- Our extensive analysis of Zeroing- In attacks shows that increasing the network size or network density cannot reduce the accuracy of the attacks.

Concluding remarks

- From the defenders’ point of view:
- To prevent hop-count-based attacks, one has to encrypt the routing announcements containing hop counts.
- To address ToA-based attacks, we presented a directed-walk-based defense strategy, whereby the sink unicasts the message to a designated node nds and has nds initiate the flooding.

Download Presentation

Connecting to Server..