(Un)Suitability of Anonymous Communication Systems to WSN

Ruben Rios, Javier Lopez
2013 IEEE Systems Journal  
Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals' traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their
more » ... adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes' communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes. Figure 1: Location Privacy Problem in a Military Scenario nodes to inadvertently collect information. In this case the privacy invader is the (owner of the) network and the subjects or business being monitored without explicit consent are the victims. On the other hand, the analysis of the communications of the network pose context privacy risks. Context privacy is concerned with the protection of the circumstances surrounding the sensor application [14] . In other words, an adversary might obtain information about the network itself (e.g., type of sensor nodes) and about the environment being monitored (e.g., amount or nature of events 1 ). In particular, the location of the events being monitored by the network is highly valuable information for potential adversaries. The events depend on the application and thus the importance of protecting their location is determined by the criticality of the scenarios. Specially critical scenarios are those involving individuals and valuable assets. Consider, for example, the military scenario depicted in Figure 1 , where a sensor network is deployed to monitor both troops and assets (e.g., armaments, tanks, etc.) belonging to a military force. The collected information is sent to the base station in real time for a better military coordination and control. However, the communications generated by the network might be exploited by the enemy to uncover the location of targets. Similarly, the enemy could deduce the location of the base station and thus attack the headquarters. The essentials of the location privacy problem are shown in the depicted scenario, but it is clearly extensible to any other application domains. Actually, and as already stated, the location privacy problem appears because the adversary monitors the communications, and from his observations he is able to determine which nodes are reporting event data and which other nodes are receiving these data. Anonymous communication systems were devised to preserve users' privacy while communicating on the Internet. The countermeasures proposed by these systems are mainly focused on preventing traffic analysis attacks. Consequently, and in principle, these systems, which were originally proposed for providing anonymity in Internet scenarios, might appear as a viable solution to prevent the disclosure of location information in WSNs. Notwithstanding, the existing literature on WSNs [23, 17, 19, 33] establishes that such systems are not applicable to the sensors domain. We consider that arguments presented in those papers are too vague, mainly focusing on the prohibitive resource consumption for the hardware constrains of sensor nodes. Moreover, we do believe that a more in-depth analysis is necessary before precluding the traditional anonymous communication systems, specially given the maturity of research in this field. As a matter of fact, we think that a strict analysis of the requirements, goals and techniques proposed by these systems, as well as the new requirements and special features in sensor networks, will pave the way for the design and development of solutions that are specific
doi:10.1109/jsyst.2012.2221956 fatcat:ekd3frnugfeebdsmqs2adwjq4q