Anti-traffic analysis attack for location privacy in WSNs
© Di Ying et al.; licensee Springer. 2014
Received: 25 November 2013
Accepted: 21 July 2014
Published: 13 August 2014
Traditional encryption and authentication methods are not effective in preserving a sink's location privacy from a global adversary that is monitoring the network traffic. In this paper, we first propose a novel anti-traffic analysis (ATA) method to preserve the sink's location privacy. In order to confuse a local or global adversary, each node generates dummy messages, the number of which is dependent on the number of the node's children. Hence, ATA is able to prevent the adversary from acquiring valuable information on the sink's location through the traffic analysis attack. However, a larger number of dummy messages lead to consumption of extra energy. Then, we design our improved ATA (IATA) in such a way that we select some sensors to act as fake sinks, to ensure that sensors around fake sinks generate dummy messages and discard received dummy messages. Since the problem of the optimal fake sinks' placement is nondeterministic polynomial time (NP)-hard, we employ local search heuristics based on network traffic and security entropy. Performance analysis of the ATA scheme can protect the sink's location privacy, and IATA scheme can reduce energy consumption.
Wireless sensor networks (WSNs) are deployed to support the sensing and communication needs of the deploying entity. Due to the broadcasting nature of wireless communication medium, adversaries can eavesdrop on network traffic to obtain valuable information. Existing security technologies cannot always protect the cyber-security needs of users and the run applications, in terms of data confidentially and integrity and user privacy and anonymity. Network traffic analysis can be used by an adversary to extra important information related to the node location, functionality, and identity. Traffic patterns of WSNs can reveal a great deal of contextual information, which can disclose the location of critical nodes. For example, sensing data are transmitted along relatively fixed paths connecting source nodes to a sink. This produces quite easily identifiable traffic patterns that reveal a sink's location. In addition, the sensing nodes having one-hop distance from the sink have to forward a significantly greater volume of packets, since they have to route all the traffic generated by all those nodes that are farther than nodes having one-hop away from the sink. An adversary having a global view of WSN's traffic activity can deduce the location of the sink by observing and analyzing the traffic volume distribution within WSN's coverage area for an adequately long time interval. Discovery of a sink's location may allow the adversary to launch precise physical and cyber attacks against the sink and thereby disable the network.
Evidently, location privacy is very important, especially for unattended WSN deployments in harsh or hostile environments. Recently, a number of location privacy protection methods have been developed for sensor networks, to resist the various types of traffic analysis attacks (e.g., those based on monitoring traffic patterns, traffic rates, and traffic volumes). Most of them are designed to protect source location privacy against an adversary that is only capable of eavesdropping on a limited portion of the network at a time [1–4]. However, the contributions in the current literatures related to a sink's location privacy are limited [5–7]. These methods involve multipath routing, fake message injection; however, those techniques become ineffective in the presence of a global adversary.
In order to prevent traffic analysis attacks by the global adversary, we propose an anti-traffic analysis (ATA) approach to protect the sink's location privacy by artificially homogenizing traffic intensity. In order to confuse a local or global adversary, each node generates dummy messages. The number of dummy messages is dependent on the number of the node's children (A node ‘X’ whose messages to the sink have to pass through node ‘Y’ is considered as ‘child or kid’ of ‘Y’.). This approach is able to hide the sink's location. Performance analysis shows that our ATA can protect the sink's location under the global adversary by launching traffic analysis attacks.
The design of a new ATA scheme that protects sink's location privacy is provided. To do so, ATA homogenizes artificially the traffic intensity distribution over the coverage area of the WSN. It consists of a new topology discovery protocol and a novel technique that evens out WSN's traffic volume distribution over its coverage area.
An IATA is proposed to reduce extra energy induced by dummy messages. This IATA chooses some sensors instead of all sensors to imitate sink's behaviors; thus, it can provide a trade-off between the protection strength and the communication overhead.
Performance evaluation conducted through computer simulations confirms the worthiness of the proposed technology. Our two approaches for protecting the sink's location privacy have distinct properties that make them suitable for different applications. The remainder of the paper is organized as follows. In Section 2, the related work is surveyed. Section 3 presents goals. Section 4 provides our ATA approach, and then performance analysis is given. Section 5 further proposes an IATA approach. Section 6 gives simulation performances of the ATA scheme and the IATA scheme. Finally, Section 7 concludes the paper.
2. Related work
Source nodes' location privacy protection
Several schemes dealing with the source nodes' location privacy can be found in [2, 4, 14–22]. For example, Kamat et al.  proposed the phantom flooding protocol transmission of a packet to defend against an external adversary. It forwards packets from the source node to the sink using a random-walk-based approach. Yang et al.  used a proxy-based filtering method. Some sensors are selected as source proxies to collect and filter dummy messages. This method reduces the communication cost by dropping many dummy messages while providing source event unobservability. Xi et al.  proposes the sink region routing method. In this case, the source node selects an intermediate node within a designated area close to the sink node. The area should be large enough to make it impossible for a local attacker to monitor the entire region. The techniques described in  and  cannot protect against the global attacker.
Sink's location privacy protection
A variety of approaches have been used for this purpose, such as fake message injection, randomization of forwarding delay, and use of fake sinks in order to hide the real sinks' positions [3, 5, 6, 23–33]. For example, Nezhad et al.  proposed an anonymous topology discovery protocol where all nodes were allowed to forward route discovery messages and incoming/outgoing labels assigned to nodes. This method hides the location of a sink. However, a route discovery message may fail to discover all sensors since only one copy of this message is forwarded by each node; in other words, this protocol may lead to some sensors becoming isolated or separated from the network. Compared to , in the topology discovery phase of our proposed ATA scheme, the sink broadcasts a message which requests for establishing a routing tree; thus, our ATA can avoid some areas which have isolated nodes.
Li et al.  proposed an intelligent fake packet injection scheme based on the random walk. This scheme provides a balance between the packet delivery latency and the sink's location privacy. Yao et al.  and Chen et al.  studied further the random-walk approach of . However, Li et al., Yao, and Chen and Lou [31–33] cannot resist passive traffic analysis attacks under a global attacker. Compared to [31–33], our ATA scheme uses fake messages instead of the random-walk method and makes each node have the same traffic volume. Thus, our scheme ATA can resist traffic analysis attacks launched by a global attacker. Ebrahimi et al.  attempted to protect the sink's location privacy by having the sensors located in low-traffic-activity areas to send fake packets, in order to distract the attention of the local adversary. Compared to , our ATA scheme does not only make sensors in lower-traffic-activity areas generate fake messages, but also let nodes close to the sink generate dummy messages. Thus, our ATA scheme can prevent traffic analysis attacks under a global attacker.
In , dummy sinks are introduced to confuse an adversary from tracking a packet as it moves towards a sink node. Although the inclusion of dummy sinks can protect a sensor network from local adversaries, it is not effective in the case of a global adversary, since global traffic analysis will allow the identification of all fake and real sinks, and the adversary can neutralize all of them. In , Mehta et al. proposed to create multiple candidate traffic traces going to the established fake sinks in order to hide the traffic aggregating around real sinks. Similarly to , whenever a fake sink receives a packet and broadcasts it locally, it will make the attacker believe that a real sink could be in the range of the fake sink. This method cannot protect the real sink adequately. Besides, this scheme cannot prevent the time correlation attack and rate monitoring attack. Compared to [5, 26], our proposed ATA scheme makes each node have the same traffic volume. Thus, our scheme can hide the sink location completely.
Bicakci et al.  made all nodes including the sink to equalize the values of their total incoming and outgoing flows. Data generated by each node is destined not only to the sink but also to every other node in the network. This scheme consumes the significant amount of energy and has quite high needs in terms of processing and memory. Compared to , our ATA performances are much better; it is scalable and also protects privacy. The reason for having superior performances will be understood after the protocol becomes described. Ying et al.  designed a concealing sink location (CSL) protocol that made a node generate the same traffic volume with the sink's neighbors by transmitting a number of fake messages. This feature enables CSL to prevent the traffic analysis attack launched by a global adversary. However, the design of CSL protocol is based on the following assumptions: (i) Sensors are deployed within a circular area. (ii) The deployment is done according to a uniform distribution. (iii) The sink is located at the center of the sensor deployment area. Such conditions are restrictive and do not apply to many cases of WSN deployments. Compared to , our protocol can remove some of CSL's drawbacks. In this case, a node generates fake messages according to the total number of nodes whose routing path to the sink passes the node (we have named them as ‘kids’ of the node). This removes the above assumptions from CSL.
Differences among literatures
Type of attacker it can defend against
Time correlation attack
Rate monitoring attack
Local and global
Local and global
Local and global
Proposed ATA scheme
Local and global
3. Design goals
Protecting the sink's location privacy under the global attack model is challenging. We can encrypt and authenticate all packets during their forwarding to prevent content privacy ; however, this cannot solve the traffic analysis attack threat [1, 35]. For example, traffic patterns of WSNs can disclose valuable statistical information that exposes the location of sink(s), thus jeopardizing their location privacy. Current literatures describe techniques that employ fake sink(s) [5, 26], dummy messages , dummy trajectories , random message forwarding delay , multipath  routing, and false distances between nodes to the sink(s) . However, all existing methods have one or more of the following problems: (1) Some of them only can resist traffic analysis attacks launched by a local attacker, not a global one. (2) Even those capable of defending against rate monitoring attack lunched by a global attacker cannot prevent the disclosure of statistical information that can be explored by other forms of traffic analysis attacks such time correlation or traffic volume attack. (3) There is a trade-off between communication/computation/consumption cost and offered security/privacy level. Use of dummy traffic  increases significantly the volume of network traffic, thus increasing the communication, computation, and energy consumption costs. The goal we set for this work is to come up with a technology capable of defending sink(s) location privacy, even when the global attacker applies all the abovementioned kinds of traffic analysis attack simultaneously. In our design, we take into consideration the importance of minimizing the network traffic to allow use of lightweight processing hardware/software by the sensors and operation under high energy efficiency.
Without loss of generality and for making the understanding of the proposed technique easier to the reader, we consider that the WSN has a single sink. The traffic analysis attack model has the following properties: (1) The attacker is passive, external, and global. This is realistic [14, 22, 25, 26, 30], and previous works investigate the problem of location privacy under the global and passive attacker [14, 22, 25, 26, 30]. The global attacker is capable of monitoring all the network traffic by deploying traffic-monitoring devices (e.g., BlueRadios SMT Module, BlueRadios, Inc., Englewood, CO, USA) within the area the WSN cbnh99overs. Note that, at the current price for a BlueRadios SMT Module at $25, the attacker needs only $25,000 to build a network of 1,000 nodes [39–41]. What is more, the number of nodes can typically be smaller than the number of nodes in the target network as they monitor wireless radio signals instead of directly sensing the environment. Thus, for even moderately valuable location information, this can be worth the cost. (2) The attacker cannot distinguish between actual information carrying messages and those carrying fake information or other types of data (e.g., routing-tree formation messages). This is a valid assumption when all messages are encrypted, e.g., by using pair-wise secret keys .
4. Anti-traffic analysis protocol
Definition of notations
Real data message
Fake data message
Number of kids node i has
Number of fake messages generated by node i
The (average) generation rate of RDM messages per unit of time each node generates
X × Y
2 dimensional deployment area (m)
Sensors' communication range
x (i), y (i)
Location of a node i or a sink i
Total number of nodes in the network
Largest amount of traffic volume among the traffic volumes generated by the real sink's neighbors
Largest amount of traffic volume in the traffic volumes generated by nodes from (ϵ + 1) hops from the real sink
Number of hops forming the routing path from node i to the real sink
Size of the longest routing path from a source to real sink that is formed over the WSN
Number of hops from node i to the fake sink j
Number of hops from a sink k to sink j
4.1. Functionality description of ATA
Execution of ATA includes two main tasks: topology discovery task and data transmission task. The topology discovery is performed periodically in order to track topology changes occurring due to the energy depletion of sensor nodes. Data transmission runs after the WSN is formed and is responsible for the transfer of data (generated by the sensors) to the sink. These tasks are described below.
4.1.1. Topology discovery task
Recently, several routing-tree formation protocols for WSNs were proposed, such as the directed diffusion protocol , probabilistic flooding protocol , and controlled flooding protocol ; however, none of them can support the sink's location privacy when WSN is subjected to passive traffic analysis attacks. The proposed topology discovery protocol enables the sink to discover the relative positions (but not necessarily the geographic coordinates) of all sensors without compromising WSN's location privacy if the WSN is under the surveillance of a global passive attacker.
After sensors are deployed in the area, formation of the routing tree (to the sink) is required. The process is triggered by the sink and is done so by broadcasting the first RDIS message. Any intermediate node receiving the RDIS message of the present cycle for the first time records information included in the RDIS message and rebroadcasts it after making the following modifications: it places its own identifier in the sid, decreases the value of the ttl field by 1, records the values of path field, and adds its own identifier in the path field. Any RDIS messages of the same cycle received by the node are dropped. This policy ensures that in each topology discovery execution, every node records the first RDIS message it receives and generates only one RDIS of its own during the current topology discovery task.
Each node can determine the number of children it has by calculating the number of IAYK-type messages it receives, each having different gid field values from the others. Each node, when receiving the IAYK message for the first time, records the next hop node's identifier (as determined by the routing path) into the ‘did’ field, decreases the value of the ttl field by 1, and transmits the modified IAYK message. The size of gid and did is depending on the network size; however, size of 4 bytes is sufficient for most WSNs .
4.1.2. Data transmission task
By the completion of the routing-tree formation task, a packet routing topology that has a tree-like structure with the sink being its root, has been generated. As explained earlier, the closer a node is to the sink (in terms of the number of hops), the larger the number of messages it has to transmit becomes, since it tends to be the traffic forwarder (to the sink) of a larger number of sensor nodes. The traffic-monitoring attacker can easily identify this trend of traffic volumes and from that deduce a well-confined region within which the sink is expected to be located. In order to solve this problem, we introduce a mechanism that has an objective to have all nodes generate equal volume of traffic. This prevents the global attacker from being able to acquire valuable statistical knowledge through traffic analysis.
To achieve this, a node generates two different types of messages: real data message (RDM) and fake data message (FDM). RDMs carry useful information collected by sensors and destined for the sink, while FDMs are generated for confusing the attacker.
After receiving a packet, node i decrypts it and moves its payload content upwards. If it is a DATA-type message, this node checks ttl to find out if it should be forwarded or dropped. If ttl > 0, the node places its own identifier in sid and its one-hop forwarder node's identifier in did, and decreases the value of ttl by 1. In order to prevent traffic analysis attack, the receiving node does not forward the RDM immediately. It places this RDM in a buffer containing forwarded RDMs (includes RDMs generated by the node itself and those for which it acts as a relay). In the mean time, this node has to generate an average of m(i) FDMs (in reference to the unit of time). That brings the total average traffic of node i to m(i) + g i + f(i), where g i is the average number of RDMs generated by node i and f(i) is the average number of RDMs forwarded by node i, . H(i) represents the number of children node i has, and node j belongs to the set I1 − hop, which contains all children of node i, one-hop away from it.
To increase the statistical uncertainty for the attacker, the node can randomize (in accordance to certain distribution or distributions) the inter-departure times of RDM and FDM packets. Running a random generator, the node i selects the message at the head of the RDM queue with probability . If sending of the RDM message is not selected, it generates and transmits a FDM message. If the RDM is selected but the RDM queue is empty, it transmits nothing.
4.2. Energy consumption
where Swhole is the size of the deployment area, r1 is the communication radius of each sensor, and N is the total number of sensors deployed into the area.
Therefore, cos tTopo1, cos tTopo2, and cos tTopo3 are occurring during the topology discovery, which is performed infrequently; thus, energy consumption cos t ≅ cos tData.
4.3. Performance simulation analysis
Number of nodes
250 m × 250 m
Channel bandwidth (kHz)
Channel data rate
Short retry limit in MAC layer
Long retry limit in MAC layer
MAC layer buffer size (in bits)
Data payload (in bytes)
Packet generation at start time (s.)
Inter arrival time of packet (s.)
4.3.1. Energy consumption and network life
An area with a dimension of 240 m × 240 m is assigned as the area monitored by the global attacker. A grid is formed within this area, segmenting it into smaller squares of 20-m length each. Traffic-monitoring devices (passing the information to the attacker) are placed at the locations [x = 20 m × j; y = 20 m × k] where 1 ≤ j ≤ 12, 1 ≤ k ≤ 12. The sink is at location [x = 120.0 m; y = 120.0 m]. The simulation time is 1,000 s, the topology discovery is performed at the beginning and remains unchanged, and enough energy is stored in each node to remain alive for the duration of the simulation. Let P i be the average traffic volume measured by the monitoring device i divided by the summation of traffic volume measured and reported by all monitoring devices. An attacker is trying to identify the location (or at least the region) where the largest volume of traffic volume is occurring and will conclude the sink should be located within that area. In an approximate sense, it can be associated with the probability that the sink is located within the area the monitoring device i operates and can provide a measure for the degree of certainty of this been the case.
5. Preserving sink's location: an improved ATA scheme
There is a trade-off between information delivery performances, energy efficiency, and location privacy by using dummy traffic to hide the real sink's location. If all packets are real event packets, the communication/computation cost will be lower; however, it will be very easy for a global attacker to trace the packets. If we make all nodes having the traffic volume using dummy traffic, it will significantly increase the network. Our goal is to minimize the network traffic while to guarantee the real sink (RS)'s location privacy.
To address this problem, we propose an improved ATA (IATA) scheme. In this IATA, we select several nodes to act as ‘fake sinks’ (FS) and emulate traffic patterns similar to the RS, in order to confuse the global attacker. We take into account the case that nodes deployed into an area X × Y according to a grid network. We define as ‘Mixnode’ each node that satisfies the following conditions: (i) it is located within any circle having as center a FS or the RS and radius r1 × ε, where r1 is the sensor's communication range and ε is a positive integer; (ii) it produces traffic volume equal to TPN1 (TPN1 is the largest amount of traffic volume among the traffic volumes generated by the real sink's neighbors). We define as UnMixnode each node that: (i) it is not located within any circle having as center a FS or the RS and radius r1 × ε; (ii) it produces traffic volume equal to TPNϵ + 1 (TPNϵ + 1 is the largest amount of traffic volume among the traffic volumes generated by nodes from (ε + 1) hops from the real sink).
5.1. Fake sink's placement
Deploying fake sinks at the right locations is crucial to the network's performance in terms of RDM end-to-end delay, RDM delivery ratio, and sink's location privacy. For example, if all fake sinks are the real sink's neighbors as well, or they are deployed close to each other, or the radius r1 × ε is small, the scheme would not work and the global attacker will be able to determine the sink's location. This is because it has the fewer number of nodes which generate fake messages when the value of r1 × ε is small, and the attacker can guess the sink's location with a high probability under having a knowledge of the area where the real sink is. If the circle having center RS and radius r1 × ε is large enough to cover the whole sensor deployment area, it has the largest traffic volume of the network since all nodes located in the circle produce traffic volume equal to TPN1. Since heavy traffic volume increases RDM end-to-end delay and RDM delivery ratio, our objective is to minimize the network's traffic along with maintaining the real sink's location privacy. The optimization criterion used in the selection of the FS locations is formed to materialize the abovementioned objective.
From Equation 9, the total number of fake sinks and their fake sinks' positions depends on the values of ent and TV, conditions of min (X − x(j), x(j), Y − y(j), y(j))/r1 ≥ ε, and . However, the condition of is linked with the fake sinks' positions, and the total traffic volume of the network depends on the number of fake sinks directly. Thus, the fake sink's placement problem is NP-hard.
Theorem 1: The fake sinks' placement problem is NP-hard.
Proof: we prove the NP-hardness of the fake sinks' placement problem by reducing the well-know knapsack problem defined as follows:
We create a fake sink i as an item z i , and traffic volume generated by Mixnodes located in the range of the fake sink i as a v i . The total entropy should not be less than δ. Position changes of fake sinks may cause recalculations for traffic volume, numbers of fake sinks, and so on. Thus, we have to minimize the total traffic volume given the condition of the entropy that is ≥ δ. It is easy to see that the fake sinks' placement problem is in NP class as the objective function associated with a given solution can be evaluated in a polynomial time. Thus, we conclude that this fake sinks' placement problem is NP-hard . We give the following algorithm of placing fake sinks, where hop(i) is the number of hops forming the routing path from node i to the real sink, Φ(i, j) is the number of hops from node i to the fake sink j, node i' s position is (x(i), y(i)). Lines 4 to 11 try to find the first fake sink which satisfies the condition of hop(i) ≥ d and min (X − x(i), x(i), Y − y(i), y(i))/r1 ≥ ε. Lines 12 to 27 try to find the other fake sinks in the deployment area. Line 28 computes the multiobjective optimization value. Line 31 gives the best placements of fake sinks.
5.2. Details of IATA scheme
The IATA protocol includes two phases: topology discovery phase and data transmission phase. In the topology discovery phase, a routing path of each node which connects the node to the sink is setup by the ATA method. After the topology discovery phase, a topology map has been generated which has a tree-like structure with the sink being the root. Besides, each node knows the route path, the number of its children, the total number of children of sink's neighbors, the fake sinks' positions, and ε. In addition, each node can check if it is Mixnode or UnMixnode by knowing the fake sinks' positions and ε.
If one Mixnode MN i receives RDMs and FDMs, it will forward RDMs (including RDMs generated by itself and forwarded RDMs) according to the route, and discard FDMs. In order to prevent the attacker from drawing conclusions by identifying and tracing successive transmissions, which might eventually lead the attacker to the sink, the Mixnode does not forward the RDMs immediately. It places RDM in a buffer containing nonprocessed yet RDM (includes RDM generated by the node itself and those for which it acts as a relay).
Then, the Mixnode MN i generates m(MN i ) FDMs and sends them according to the route path. Let H(MN(i)) represent the number of kids Mixnode MN i has; we have , where is an average number of RDMs generated by Mixnode MN i , f(MN i ) is an average number of RDMs forwarded by Mixnode MN i , , and node j belongs to a set MNI1 − hop of children of Mixnode.
If one UnMixnode UMN i receives RDM and FDM, it will forward RDMs (including RDM generated by himself and forwarded RDM) according to the route, and discard FDMs. Then, UMN i generates m(UMN i ) FDMs and sends them according to the route path. Note that , where is an average number of RDMs generated by UnMixnode UMN i , f(UMN i ) is an average number of RDMs forwarded by UnMixnode UMN i , H(UMN(i)) represent the number of kids UnMixnode UMN i has , and node j belongs to a set UMNI1 − hop of children of UnMixnode UMN i .
6. Performance evaluation
Sink is the connecting point of the sensor network with the entity making use of its collected results; thus, the ability of the sink to be capable to receive collected information is very crucial. In this paper, after analyzing the sink's location privacy problem, we firstly describe and analyze a new ATA scheme aiming at concealing the sink's location by using fake message injection. Then, we design an improved ATA (IATA) scheme where some nodes are selected to act the fake sinks, and sensors around fake sinks generate dummy messages and discard received dummy messages. Performance analysis of the ATA scheme can protect the sink's location privacy, and the IATA scheme can reduce traffic volume.
This work was supported by the Natural Science Foundation of Zhejiang Province LQ13F010001, Y201328392, National Natural Science Foundation of China 61301142, and SRF for ROCS, SEM (2013).
- Deng J, Han R, Mishra S: Countermeasures against traffic analysis attacks in wireless sensor networks. In Proceedings of IEEE/Create Net International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm). Athens, Greece; 2005:113.View ArticleGoogle Scholar
- Ozturk C, Zhang Y, Trappe W: Source-location privacy in energy-constrained sensor network routing. Proceedings of 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks, Washington D.C. USA 2004, 8.Google Scholar
- Jian Y, Chen S, Zhang Z, Zhang L: Protecting receiver location privacy in wireless sensor networks. Proc. of IEEE Infocom 2007, Anchorage, Alaska, USA, 2007 1955.Google Scholar
- Kamat P, Zhang Y, Trappe W, Ozturk C: Enhancing source location privacy in sensor network routing. Proc. of IEEE ICDCS, Columbus, Ohio, USA, 2005 599.Google Scholar
- Wu X, Liu J, Hong X, Bertino E: Achieving anonymity in mobile ad hoc networks using fuzzy position information: mobile Ad-hoc and sensor networks. Lect Notes Comput Sci 2006, 4325: 461-472. doi: 10.1007/11943952_39 10.1007/11943952_39View ArticleGoogle Scholar
- Gu Q, Chen X, Jiang Z, Wu J: Sink-anonymity mobility control in wireless sensor networks (IEEE International Conference on Wireless and Mobile Computing. Morocco, Networking and Communications, Marrakech; 2009. p. 36Google Scholar
- Shokri R, Nayyeri A, Yazdani N: P Papadimitratos Efficient and adjustable recipient anonymity in mobile ad hoc networks (IEEE International Conference on Mobile Ad hoc and Sensor Systems. Pisa, Italy; 2007. p. 1Google Scholar
- Perrig A, Szewczyk R, Tygar JD, Wen V, Culler DE: Spins: security protocols for sensor networks. Wirel. Netw 2002, 8(5):521-534. doi: 10.1023/A:1016598314198 10.1023/A:1016598314198View ArticleGoogle Scholar
- Zhou L, Chao H-C: Multimedia traffic security architecture for internet of things. IEEE Netw. 2011, 25(3):35-40. doi: 10.1109/MNET.2011.5772059View ArticleGoogle Scholar
- Han G, Jiang J, Shen W, Shu L, Rodrigues J: IDSEP: a novel intrusion detection scheme based on energy prediction in cluster-based wireless sensor networks. IET Information Security, Institution of Engineering and Technology (IET) 2013, 7(2):97-105. doi:10.1049/iet-ifs.2012.0052 10.1049/iet-ifs.2012.0052View ArticleGoogle Scholar
- Gedic B, Liu L: Location privacy in mobile system: a personalized anonymization model. Proc. of 25th IEEE International Conference on Distributed Computing Systems, Columbus, OH, USA 2005, 620.Google Scholar
- Bamba B, Liu L, Pesti P, Wang T: Supporting anonymous location queries in mobile environments with privacy grid. In Int'l Conf. World Wide Web WWW'08. Beijing, China; 2008:237.Google Scholar
- Sweeney L: K-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 2002, 10(5):557-570. doi: 10.1142/S0218488502001648 10.1142/S0218488502001648MathSciNetView ArticleGoogle Scholar
- Yang Y, Shao M, Zhu S, Urgaonkar B, Cao G: Towards event source unobservability with minimum network traffic in sensor networks. Proc. of ACM WiSec, Alexandria, Virginia, USA 2008, 77.Google Scholar
- Xi Y, Schwiebert L, Shi W: Preserving source location privacy in monitoring-based wireless sensor networks, in 20th International Conference on Parallel and Distributed Processing Symposium. Rhodes Island Greece; 2006.Google Scholar
- Li Y, Ren J, Wu J: Quantitative measurement and design of source-location privacy schemes. IEEE Transaction on Parallel and Distributed Systems 2012, 3: 7. doi: 10.1109/TPDS.2011.260Google Scholar
- Li Y, Li J, Ren J, Wu J: Providing hop-by-hop authentication and source privacy in wireless sensor networks (IEEE INFOCOM2012. USA, Orlando, FL; 2012. p. 3071Google Scholar
- Mahmoud MMEA, Shen X: A cloud-based scheme for protecting source-location privacy against hotspot-locating attack in wireless sensor networks. IEEE Transaction on Parallel and Distributed Systems 2012, 23(10):1805-1818. doi: 10.1109/TPDS.2011.302View ArticleGoogle Scholar
- Ren J, Tang D: Combining source-location privacy and routing efficiency in wireless sensor networks (2011 IEEE Global Telecommunications Conference (GLOBECOM 2011). Houston, Texas, USA; 2011. p. 1Google Scholar
- Gurjar A, Patil ARB: Cluster based anonymization for source location privacy in wireless sensor network (2013 International Conference on Communication Systems and Network Technologies (CSNT). Gwalior, India; 2013. p. 248Google Scholar
- Spachos P, Liang S, Bui FM, Hatznakos D: Improving source-location privacy through opportunistic routing in wireless sensor networks (2011 IEEE Symposium on Computers and Communications (ISCC). Kerkyra, Greece; 2011. p. 815Google Scholar
- Sivashankari S, Raseen MM: A framework of location privacy and minimum average communication under the global eavesdropper. In 2013 International Conference on Current Trends in Engineering and Technology. ICCTET, Coimbatore; 2013:392.View ArticleGoogle Scholar
- Ying B, Makrakis D, Mouftah HT: A protocol for sink location privacy protection in wireless sensor networks (2011 IEEE Global Communications Conference. Houston, TX, USA; 2011. p. 1Google Scholar
- Nezhad AA, Makrakis D, Miri A: Anonymous topology discovery for multi-hop wireless sensor networks (3rd ACM International Workshop on QoS and Security for Wireless and Mobile Networks. Greece, Crete Island; 2007. p. 78Google Scholar
- Bicakci K, Bagci IE, Tavli B: Lifetime bounds of wireless sensor networks preserving perfect sink unobservability. IEEE Commun. Lett. 2011, 5(2):205-207. doi: 10.1109/LCOMM.2011.010311.101885View ArticleGoogle Scholar
- Mehta K, Liu D, Wright M: Protecting location privacy in sensor networks against a global eavesdropper. IEEE Transaction on Mobile Computing 2012, 11(2):320-336. doi: 10.1109/TMC.2011.32View ArticleGoogle Scholar
- Acharya U, Younis M: Increasing base-station anonymity in wireless sensor networks. Journal of Ad-hoc Network 2010, 8(8):791-809. doi: 10.1016/j.adhoc.2010.03.001 10.1016/j.adhoc.2010.03.001View ArticleGoogle Scholar
- Ebrahimi Y, Younis M: Using deceptive packets to increase base-station anonymity in wireless sensor network. Proc. of 7th International Conference on Wireless Communication and Mobile Computing Conference, Istanbul, Turkey 2011, 842.Google Scholar
- Ebrahimi Y, Younis M: Increasing transmission power for higher base-station anonymity in wireless sensor network. In The proc. of the IEEE International Conference on Communications (ICC 2011). Kyoto, Japan; 2011:1.View ArticleGoogle Scholar
- Park H, Song S, Choi BY, Huang CT: Passages: preserving anonymity of sources and sinks against global eavesdroppers. Proc. on IEEE Infocom, Turin, Italy, 2013 210-214.Google Scholar
- Li X, Wang X, Zheng N, Wan Z: Enhanced location privacy protection of base station in wireless sensor networks. Proc. of 5th International Conference on Mobile Adhoc and Sensor Networks, Fujian, China, 2009 457.Google Scholar
- Yao J: Preserving mobile-sink-location privacy in wireless sensor networks. Proc. of 2nd International Workshop on Database Technology and Applications, Wuhan, China, 2010 1.Google Scholar
- Chen H, Lou W: From nowhere to somewhere: protecting end-to-end location privacy in wireless sensor networks. Proc. of 29th International Conference on Performance Computing and Communications Conference, Hong Kong, China, 2010 1-8.View ArticleGoogle Scholar
- Ying B, Gallardo JR, Makrakis D, Mouftah HT: Concealing of the sink location in WSNs by artificially homogenizing traffic intensity. IEEE Infocom 2011, Shanghai, China 2011, 1005.Google Scholar
- Li N, Zhang N, Das SK, Thuraisingham B: Privacy preservation in wireless sensor networks: a state-of-the-art survey. Ad Hoc Netw. 2009, 7(8):1501-1514. doi: 10.1016/j.adhoc.2009.04.009 10.1016/j.adhoc.2009.04.009View ArticleGoogle Scholar
- Kiraz O, Levi A: Maintaining trajectory privacy in mobile wireless sensor networks (2013 IEEE Conference on Communications and Network Security (CNS). Washington, DC, USA; 2013. p. 401View ArticleGoogle Scholar
- Kang L: Protecting location privacy in large-scale wireless sensor network (IEEE ICC '09. Dresden, Germany; 2009. p. 1Google Scholar
- D'ıaz C, Preneel B: Taxonomy of mixes and dummy traffic. Information Security Management, Education and Privacy, IFIP International Federation for Information Processing 2004, 148: 217-232. doi: 10.1007/1-4020-8145-6_18 10.1007/1-4020-8145-6_18View ArticleGoogle Scholar
- Blue Radios Inc: Order and price info. . Accessed in February 2006 http://www.digikey.cn/cn/zhs/techzone/wireless/supplier/BlueRadios_Inc__822.html?WT.z_ref_page_id=21
- Niculescu D, Nath B: Adhoc positioning system (APS) using AoA, in Proceedings of IEEE INFOCOM. San Francisco, CA, USA; 2003. p. 1734Google Scholar
- Savvides A, Han C, Srivastava M: Dynamic fine-grained localization in ad-hoc networks of sensors, in Proceedings of ACM MobiCom. Rome, Italy; 2001. p. 166Google Scholar
- Eschenaur L, Gligor V: A key-management scheme for distributed sensor networks. Proc. 9th ACM Conference on Computer and Communications Security, Washington, DC, USA 2002.Google Scholar
- Intanagonwiwat C, Govindan R, Estrin D, Heidemann J, Silva F: Directed diffusion for wireless sensor networking. IEEE/ACM Transactions on Networking (TON) 2003, 11(1):2-16. doi: 10.1109/TNET.2002.808417 10.1109/TNET.2002.808417View ArticleGoogle Scholar
- Oikonomou K, Stavrakakis I: Performance analysis of probabilistic flooding using random graphs. IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2007. Espoo, Finland, June 2007 2007, 1.Google Scholar
- Chang NB, Liu MY: Controlled flooding search in a large network. IEEE Transaction on Networking 2007, 15(2):436-449. doi: 10.1109/TNET.2007.892880MathSciNetView ArticleGoogle Scholar
- Sastry N, Wagner D: Security considerations for IEEE 802.15.4 networks. Wise'04: Proceedings of the 3rd ACM Workshop on Wireless Security, Philadelphia, PA, USA, 2004 32.View ArticleGoogle Scholar
- Heinzelman WT, Chandrakasan A, Balakrishnam H: Energy-efficient communication protocol for wireless microsensor network. Proceedings of the 33rd Annual Hawaii International Conference on System Sciences, vol. 2, Hawaii, USA 2000, 1.Google Scholar
- Opnet http://www.opnet.com
- Kamin ED: A parallel algorithm for the knapsack problem. IEEE Transaction on Computers 1984, 33(5):404-408. doi: 10.1109/TC.1984.1676456Google Scholar
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly credited.