There has been much work investigating Source Location Privacy (SLP), including the analysis of techniques. However, one area in which there is a lack of analysis is against adversaries in the network. These adversaries can be cheaply equipped with a laptop, directional antenna and a cheap software defined radio to effectively locate the sources of valuable assets. In this work we investigated how to quantify the amount of information a non-SLP-aware routing matrix reveals to an adversary compared to a SLP-aware routing matrix via a measure of divergence. Using this measure an algorithm was developed to transform a non-SLP-aware routing matrix into an SLP-aware routing matrix.
This technique allowed for the transformation of the below protectionless routing matrix into the SLP-aware routing matrix. Assuming the adversary starts at the sink (node number 5) and wants to reach the source (node number 1), the SLP-aware routing matrix is considered to provide SLP as the attacker does not capture the source within the safety period. The safety period is calculated as the capture time under protectionless routing (in this case 2), multiplied by a safety factor (also set to be 2), giving a safety period of 4.
Using the measures of entropy and divergence we can see that while there is no uncertainty in the route taken in the SLP-aware routing matrix, the divergence when the adversary starts at the sink (node 5) is maximal for six steps. This is longer than the safety period.
The most effective way to evaluate the performance of any Source Location privacy technique is to deploy it on hardware in real environments. However, the testbed facilities that exist do not always reflect real environments. Further, there are advantages to analysing abstract algorithms in order to gauge theoretical performance as it is much cheaper to do so. This paper filled a gap in the literature by introducing a technique to analyse performance of algorithms against an adversary with local visibility.
Analysing the performance of adversaries with a presence in the network is challenging, this is because their visibility changes over time as they move through the network. This is in contrast to an adversary with global visibility, whose visibility never changes. Due to this complexity assumptions need to be made about both the routing algorithms and the adversary, which has necessitated using time homogenous Markov chains, there is interesting scope for future work on the application of time inhomogenous modelling to broaden the applicability of this work to more techniques and adversaries.
This paper extends a previous shorter paper:
Matthew Bradbury and Arshad Jhumka. Understanding Source Location Privacy Protocols in Sensor Networks via Perturbation of Time Series. In IEEE INFOCOM, 1611–1619. May 2017. doi:10.1109/INFOCOM.2017.8057122.