You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
1. INTRODUCTION<br />
only data sent to the base station is the occurrence of the event. Thus the presence<br />
of communication reveals the location of the event. In some situations, it must be<br />
hidden from an attacker. Some approaches are described in the following:<br />
Baseline and probabilistic flooding mechanisms: The basic idea of baseline<br />
flooding is for each sensor to broadcast the data it receives from one neighbor<br />
to all of its other neighbors. The premise of this approach is that all sensors<br />
participate in the data transmission so that it is unlikely for an attacker to<br />
track a path of transmission back to the data source [Kamat et al., 2005]. This<br />
can be further optimized if not every node rebroadcasts the message, only a<br />
probabilistic set of them.<br />
Random walk mechanisms: According to [Kamat et al., 2005], a random<br />
walk can be performed before the probabilistic flooding to further increase the<br />
uncertainty of the attacker. To improve simple random walk, a two-way greedy<br />
random walk(GROW) scheme was proposed in [Xi et al., 2006].<br />
Dummy data mechanism: To further protect the location of the data source,<br />
fake data packets can be introduced to perturb the traffic patterns observed by<br />
the adversary. In particular, a simple scheme called Short-lived Fake Source<br />
Routing was proposed in [Kamat et al., 2005] for each sensor to send out a fake<br />
packet with a pre-determined probability.<br />
Fake data sources mechanism: The basic idea of fake data source is to<br />
choose one or more sensor node to simulate the behavior of a real data source<br />
in order to confuse the adversaries [Mehta et al., 2007].<br />
Location privacy of base station: In a WSN, a base station is not only in<br />
charge of collecting and analyzing data, but also used as the gateway connecting the<br />
WSN with outside wireless or wired network. Consequently, destroying or isolating<br />
the base station may lead to the malfunction of the entire network. This can be<br />
circumvented if the location of the base station is unknown to the adversary.<br />
Defense against local adversaries: The location information or identifier<br />
of the base station is sent in clear in many protocols. These information must be<br />
hidden from an eavesdropper, which can be done by traditional cryptographic<br />
techniques (encryption). Another problem can be if the attacker can follow<br />
the way of packets from the source towards the base station. This can be<br />
mitigated by changing data appearance by re-encryption [Deng et al., 2006a;<br />
Dingledine et al., 2004], routing with multiple parents [Deng et al., 2005; Deng et<br />
al., 2006a], routing with random walk [Jian et al., 2007], or decorrelating parentchild<br />
relationship by randomly selecting sending time [Deng et al., 2006a].<br />
Defense against global adversaries: The techniques discussed above are<br />
inefficient against a global attacker. To fight against a global attacker the<br />
traffic patterns of the whole network must be modified. This can be done by<br />
hiding traffic pattern by controlling transmission rate [Deng et al., 2006a], or<br />
by propagating dummy data [Deng et al., 2005; Deng et al., 2006a].<br />
– Temporal privacy problem: When an adversary eavesdrops a message, it can<br />
deduce the sending time of the message from the time it eavesdropped and the TTL<br />
value. In some applications this information must be hidden. It can be done by randomly<br />
delaying the messages by the relaying nodes [Kamat et al., 2007].<br />
As it can be seen from the discussion above, a considerable amount of work has been done in the<br />
field of privacy in wireless sensor networks. However, the particular problem of location privacy<br />
of aggregator nodes received less attention. Therefore, in Chapter 4, I study this problem and<br />
propose two anonym aggregator election protocols, which can hide the identity of the aggregator<br />
nodes.<br />
6