We present a new framework for modeling, analyzing and evaluating anonymity in sensor networks. The novelty of the proposed framework is twofold: first, it introduces the notion of “interval indistinguishability” and provides a quantitative measure to model anonymity in wireless sensor networks; second, it maps source anonymity to the statistical problem of binary hypothesis testing with nuisance parameters. We then analyze existing solutions for designing anonymous sensor networks using the proposed model.
We show mapping source anonymity to binary hypothesis testing with nuisance parameters leads to converting the problem of exposing private source information into searching for an appropriate data transformation that removes or minimize the effect of the nuisance information. By doing so, we transform the problem from analyzing real-valued sample points to binary codes, which opens the door for coding theory to be incorporated into the study of anonymous sensor networks. Finally, we discuss how existing solutions can be modified to improve their anonymity.Toward a Statistical Framework for Source Anonymity in Sensor Networks
Existing problem has been addressed under two different types of adversaries, namely, local and global adversaries. A local adversary is defined to be an adversary having limited mobility and partial view of the network traffic. Routing based techniques have been shown to be effective in hiding the locations of reported events against local adversaries. A global adversary is defined to be an adversary with ability to monitor the traffic of the entire network (e.g., coordinating adversaries spatially distributed over the network). Against global adversaries, routing based techniques are known to be ineffective in concealing location information in event-triggered transmission. This is due to the fact that, since a global adversary has full spatial view of the network, it can immediately detect the origin and time of the event-triggered transmission. Existing Wireless sensor networks once sensor nodes have been deployed, there will be minimal manual intervention and monitoring. But, when nodes are deployed in a hostile environment and there is no manual monitoring,
We introduce the notion of “interval indistinguishability” and illustrate how the problem of statistical source anonymity can be mapped to the problem of interval indistinguishability.
We propose a quantitative measure to evaluate statistical source anonymity in sensor networks.
We map the problem of breaching source anonymity to the statistical problem of binary hypothesis testing with nuisance parameters.
We demonstrate the significance of mapping the problem in hand to a well-studied problem in uncovering hidden vulnerabilities. In particular, realizing that the SSA problem can be mapped to the hypothesis testing with nuisance parameters implies that breaching source anonymity can be converted to finding an appropriate data transformation that removes the nuisance information.
We analyze existing solutions under the proposed model. By finding a transformation of observed data, we convert the problem from analyzing real-valued samples to binary codes and identify a possible anonymity breach in the current solutions for the SSA problem.
We propose and answer the important research question of why previous studies were unable to detect the possible anonymity breach identified in this paper.
We discuss, by looking at the problem as a coding problem, a new direction to enhance the anonymity of existing SSA solutions.
We introduce our source anonymity model for wireless sensor networks. Intuitively, anonymity should be measured by the amount of information about the occurrence time and location of reported events an adversary can extract by monitoring the sensor network. The challenge, however, is to come up with an appropriate model that captures all possible sources of information leakage and a proper way of quantifying anonymity in different systems.