Towards Statistically Strong Source Anonymity for Sensor Networks

Shao, Min; Yang, Yi; Zhu, Sencun; Cao, Guohong

doi:10.1109/infocom.2008.19

Cited by 158 publications

(105 citation statements)

References 16 publications

Supporting

Mentioning

104

Contrasting

Order By: Relevance

“…Source anonymity [24] is not necessary since data content is protected. Peer-to-peer communication among the nodes is not required, because nodes may not know each other for privacy reasons and such communication is nontrivial due to the mobility of nodes in mobile sensing.…”

Section: Problem Definitionmentioning

confidence: 99%

Efficient Privacy-Preserving Stream Aggregation in Mobile Sensing with Low Aggregation Error

Cao

2013

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. Aggregate statistics computed from time-series data contributed by individual mobile nodes can be very useful for many mobile sensing applications. Since the data from individual node may be privacy-sensitive, the aggregator should only learn the desired statistics without compromising the privacy of each node. To provide strong privacy guarantee, existing approaches add noise to each node's data and allow the aggregator to get a noisy sum aggregate. However, these approaches either have high computation cost, high communication overhead when nodes join and leave, or accumulate a large noise in the sum aggregate which means high aggregation error. In this paper, we propose a scheme for privacy-preserving aggregation of time-series data in presence of untrusted aggregator, which provides differential privacy for the sum aggregate. It leverages a novel ring-based interleaved grouping technique to efficiently deal with dynamic joins and leaves and achieve low aggregation error. Specifically, when a node joins or leaves, only a small number of nodes need to update their cryptographic keys. Also, the nodes only collectively add a small noise to the sum to ensure differential privacy, which is O(1) with respect to the number of nodes. Based on symmetric-key cryptography, our scheme is very efficient in computation.

show abstract

Section: Problem Definitionmentioning

confidence: 99%

Efficient Privacy-Preserving Stream Aggregation in Mobile Sensing with Low Aggregation Error

Cao

2013

Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Although some researches on security of localization schemes are presented [70,71], the types of attacks and the related countermeasures are restricted to a few typi- [42] 2.48m for RSS; 1.12 for TOA O(nL) 4 anchors at corners Ecolocation (outdoor) [66] 20%D N/A 11 nodes with full connectivity Ecolocation (indoor) [66] 35%D N/A 12 anchors, 5 non-anchors Robust Quad [34] 5.18cm for ultrasound ranging N/A dg=12, total 40 nodes Multilateration [21,45] 10.67m N/A range data from 1 mobile beacon Mobile Beacon [45] 1.4m N/A 12 non-anchors, 1 mobile beacon RADAR [48] 3m N/A dg=3, 3 anchors Kernel-based Learning [49] 3.5m N/A grid deployment of 25 anchors and 81 nodes LaSLAT [51] 1.9cm for ultrasound ranging N/A dg=10, total 27 nodes cal cases. Similarly, researches on privacy of nodes' locations mostly focus on preventing the locations of data sources or base stations from being exposed to adversaries [72,73]. The existing sensor localization schemes have not been fully examined from the perspective of privacy protection.…”

Section: Security and Privacymentioning

confidence: 99%

Algorithmic Aspects of Sensor Localization

Das

Wang

Ghosh

et al. 2010

Monographs in Theoretical Computer Science. An EATCS Series

View full text Add to dashboard Cite

Identifying locations of nodes in wireless sensor networks (WSNs) is critical to both network operations and most application level tasks. Sensor nodes equipped with geographical positioning system (GPS) devices are aware of their locations at a precision level of few meters. However, installing GPS devices on a large number of sensor nodes is not only expensive but affects the form factor of these nodes. Moreover, GPS-based localization is not applicable in the indoor environments such as buildings. There exists an extensive body of research literature that aims at obtaining absolute locations as well as relative spatial locations of nodes in a WSN without requiring specialized hardware at large scale. The typical approach consists of employing only a limited number of anchor nodes that are aware of their own locations, and then trying to infer locations of non-anchor nodes using graph theoretic, geometric, statistical, optimization and machine learning techniques. Thus, the literature represents a very rich ensemble of algorithmic techniques applicable to low power, highly distributed nodes with resource-optimal computations. In this chapter we take a close look at the algorithmic aspects of various important localization techniques for WSNs.

show abstract

“…Recently, a passive global attack model has been studied [4], [5], [6], [7], where the attacker is assumed to be capable of monitoring all the network traffic by either deploying simple sensors covering the network or employing powerful site surveillance devices with hearing range no less than the network radius. With the collected network-wide traffic, the attacker can conduct traffic analysis to identify the potentially real sources.…”

Section: Introductionmentioning

confidence: 99%

“…With the collected network-wide traffic, the attacker can conduct traffic analysis to identify the potentially real sources. Under such a strong attack model, the corresponding countermeasures focus on making all sensors [4], [5], [6], [7] or k sensors [4] transmit (dummy) messages at the same or similar pattern to disguise the real source location. In general, such approaches are more robust to traffic analysis, at the cost of higher message overhead.…”

Section: Introductionmentioning

confidence: 99%

“…To demonstrate both the procedure and the effectiveness of this attack model, we apply it to two existing schemes: a statistically strong source anonymity scheme [5] (referred to as SSSA scheme hereinafter) and a k-anonymity scheme [4]. We show that although the SSSA scheme provides strong source location privacy with statistical testing, under our attack model an attacker can gain some information about the locations of real sources when the message rate of a real event becomes high.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Active Global Attack Model for Sensor Source Location Privacy: Analysis and Countermeasures

Yang

Zhu

LaPorta

2009

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Abstract-Source locations of events are sensitive contextual information that needs to be protected in sensor networks. Previous work focuses on either an active local attacker that traces back to a real source in a hop-by-hop fashion, or a passive global attacker that eavesdrops/analyzes all network traffic to discover real sources. An active global attack model, which is more realistic and powerful than current ones, has not been studied yet. In this paper, we not only formalize this strong attack model, but also propose countermeasures against it.As case studies, we first apply such an attack model to previous schemes, with results indicating that even these theoretically sound constructions are vulnerable consequently. We then propose a lightweight dynamic source anonymity scheme that seamlessly switches from a statistically strong source anonymity scheme to a k-anonymity scheme on demand. Moreover, we enhance the traditional k-anonymity scheme with a spatial ldiversity capability by cautiously placing fake sources, to thwart attacker's on-site examinations. Simulation results demonstrate that the attacker's gain in our scheme is greatly reduced when compared to the k-anonymity scheme.

show abstract

Towards Statistically Strong Source Anonymity for Sensor Networks

Cited by 158 publications

References 16 publications

Efficient Privacy-Preserving Stream Aggregation in Mobile Sensing with Low Aggregation Error

Efficient Privacy-Preserving Stream Aggregation in Mobile Sensing with Low Aggregation Error

Algorithmic Aspects of Sensor Localization

An Active Global Attack Model for Sensor Source Location Privacy: Analysis and Countermeasures

Contact Info

Product

Resources

About