Hiding the Base Station in WSNs ! Ruben Rios 1 , Jorge Cuellar 2 , - PowerPoint PPT Presentation

Hiding the Base Station in WSNs ! Ruben Rios 1 , Jorge Cuellar 2 , Javier Lopez 1 ! 1 NICS Lab – University of Málaga ! 2 Siemens AG, Munich ! JITEL 2013 – 28-30 Oct. Granada (Spain)

Motivation ! ! Receiver-location privacy is concerned with hiding the location of the BS ! – Physical protection ! – Strategic information ! ! ! ! ! ! ! These problems are extensible to any WSN scenario (e.g., sealife monitoring, smart metering, etc.) ! 1

Motivation ! ! WSN solutions are designed to maximize the lifetime of the network ! – Data is transmitted using single-path routing algorithms as soon as an event is detected ! ! Routing protocols introduce pronounced traffic patterns because all the data is address to the base station (BS) ! – Nodes transmit shortly after " receiving a packet ! – Traffic volume is higher as " we approach the BS " ! ! ! 2

Agenda ! ! Motivation ! ! Problem Statement ! ! Hiding Scheme ! ! Evaluation ! ! Conclusion ! 3

Problem Statement ! ! Network model ! – Vast deployment area ! – Densely populated network ! – A single base station ! – Event-driven monitoring application ! BS – Sensor nodes share cryptographic keys ! ! Adversary model ! – Passive eavesdropper with local vision ! 0 – Cannot decrypt messages ! 0 – Cannot distinguish real from bogus traffic ! 0 – Can move in the field based on ! 0 • Time-correlation (flow direction) ! • Rate-monitoring (traffic volume) ! 10 0 – Can capture a portion of the nodes ! 0 ! 4

Data transmission ! ! The idea is to locally homogenise the number of packets sent by a node to its neighbours such that ! – Real traffic reaches the BS ! – The attacker gains no information ! ! Whenever a node has to transmit, it sends two messages ! – Real message: follows a biased random walk ! – Fake message: must serve as traffic normaliser ! 10 0 0 10 10 0 0 10 10 0 10 0 0 10 ! 5 !

Data transmission ! ! We require three properties to ensure the usability ( Prop 1 ) and security ( Prop 2, 3) of the system ! – Prop 1: Convergence ! – Prop 2 : Homogeneity ! – Prop 3 : Exclusion ! 6 !

Data transmission ! ! The previous properties can be ensured by means of a computationally inexpensive approach ! – Sorted combinations without repetition of two neighbours ! – Select one of the combinations uniformly at random ! C F B E x A D ! ! 7

Data transmission ! ! The previous properties can be ensured by means of a computationally inexpensive approach ! – Sorted combinations without repetition of two neighbours ! – Select one of the combinations uniformly at random ! 0 0 0 0 C F 0 0 1 0 B E x 0 0 A 0 1 D ! ! 8

Data transmission ! ! The previous properties can be ensured by means of a computationally inexpensive approach ! – Sorted combinations without repetition of two neighbours ! – Select one of the combinations uniformly at random ! 1 0 0 0 C F 0 1 1 0 B E x 0 0 A 0 1 D ! ! 9

Data transmission ! ! The previous properties can be ensured by means of a computationally inexpensive approach ! – Sorted combinations without repetition of two neighbours ! – Select one of the combinations uniformly at random ! 1 1 0 0 C F 0 1 1 0 B E x 1 0 A 0 1 D ! ! 10

Data transmission ! ! The previous properties can be ensured by means of a computationally inexpensive approach ! – Sorted combinations without repetition of two neighbours ! – Select one of the combinations uniformly at random ! 1 1 0 1 C F 1 1 1 0 B E x 1 0 A 0 1 D ! ! 11

Data transmission ! ! Every nodes receives, on average, the same number of packets ! ! Real traffic has been most likely transmitted to nodes closer or at equal distance (A,B, C) to the base station ! – Although some nodes further (E) might also receive real traffic ! 1 1 0 1 C F 1 1 1 0 B E x 1 0 A 0 1 D ! ! 12

Data transmission ! ! Moreover, recall that the attacker cannot distinguish real from bogus traffic ! – Therefore, what the attacker sees locally gives him no information about the direction to the base station ! 2 1 C F 2 1 B E x 1 A 1 D ! ! 13

Node Compromise ! ! However, this protection mechanism becomes useless if the attacker has direct access to the routing tables of the node ! – Node capture attacks are likely due to the unattended nature of WSNs ! ! Routing tables are sorted (L C , L E , L F ) to allow the data transmission protocol to ensure the Convergence Property ! – Leaks the direction to the BS ! C F B E x A D ! 14 !

Node Compromise ! ! We introduce a routing table perturbation scheme that re- arranges the elements of the table ! – Still ensure that Prob(n L C ) > Prob(n L F ) ! ∈ ∈ E R 1 R 2 n neighs( x ) distance F 1 C n + 1 C n A F 2 R 10 E n + 1 n − 1 A n − 1 F 10 n − 1 B B n − 1 R m n D D n F n + 1 F F m n + 1 c 10 c 1 c 2 c m ! An optimisation algorithm is used to perturb the tables to a desired degree (bias [-1,1]) ! ∈ – Trade-off between security and delivery time ! 15 !

Evaluation: Usability ! ! Message delivery time is affected by the probabilistic nature of the protocol ! x n = 1 + px n − 1 + qx n + rx n +1 ! The routing table perturbation mechanism also impacts negatively on the delivery time ! – Hop count is below 100 for a bias greater than 0.2 ! ! 70 900 4 neigh 4 neigh 8 neigh ! 800 8 neigh 12 neigh 12 neigh 20 neigh 60 20 neigh 700 average path length mean hop count 600 50 ! 500 40 400 ! 300 30 200 20 100 0 10 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 5 10 15 20 distance to sink desired bias 16

Evaluation: Usability ! ! The use of fake traffic impacts on the network lifetime ! ! The durability of fake traffic is controlled by a parameter, which is dependent on the hearing range ( n ) of the adversary ! – Discarded after several hops ! 30 ! The hearing range of a " 25 typical adversary is n = 1 20 ratio falso-real (local adversary) ! 15 ! 10 ! 5 0 0 1 2 3 4 rango del adversario 17

Evaluation: Privacy ! ! We have verified the privacy protection level of our solution for different types of adversaries ! – Passive eavesdroppers should better move at random ! – Active attackers must capture more than 1/10 of nodes to be successful ! 0.35 500 4 neigh random 8 neigh rate monitoring 450 12 neigh time correlation 20 neigh 0.3 400 0.25 350 mean captures success rate 300 0.2 250 0.15 200 150 0.1 100 0.05 50 0 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 4 8 12 20 network configuration network bias 18

Conclusion ! ! The location of the base station is critical for the survivability and privacy of the network ! ! We present a receiver-location privacy solution capable of countering both passive and active attackers ! ! ! The protection mechanism introduce additional overhead and impacts on the delivery time but it includes two parameters to balance between usability and security ! ! Future work ! – Reduce the overhead caused by fake traffic ! – Protect the topology discovery process ! 19 !

Thanks for your attention! ! NICS Lab – University of Málaga ! https://www.nics.uma.es/ ! ! JITEL 2013 – 28-30 Oct. Granada (Spain)

Extra Slides ! NICS Lab – University of Málaga ! https://www.nics.uma.es/ ! ! JITEL 2013 – 28-30 Oct. Granada (Spain)

Analysis of Potential Limitations ! ! The topology of the network might negatively impact the convergence of real packets ! p – Theorem: Real messages reach the base station if ! 2 C ( S − C ) F < ! Validation on randomly deployed networks ! 7 0.8 closer( C ) equal( E ) 0.7 6 further( F ) p 2 C ( S − C ) 0.6 5 average number of neighbors probability isolated nodes 0.5 4 0.4 3 0.3 2 0.2 1 ! 0.1 0 0 100 150 200 250 300 350 100 150 200 250 300 350 ! network size network size 22