#
Achieving Network Level Privacy in Wireless Sensor Networks^{ †}

^{1}

^{2}

^{3}

^{*}

^{†}

^{‡}

## Abstract

**:**

## 1. Introduction

- Sender node identity privacy: no intermediate node can get any information about who is sending the packets except the source, its immediate neighbors and the destination,
- Sender node location privacy: no intermediate node can have any information about the location (in terms of physical distance or number of hops) about the sender node except the source, its immediate neighbors and the destination,
- Route privacy: no node can predict the information about the complete path (from source to destination). Also, a mobile adversary gets no clue to trace back the source node either from the contents and/or directional information of the captured packet(s), and
- Data packet privacy: no node can see the information inside in a payload of the data packet except the source and the destination.

- A new Identity, Route and Location (IRL) privacy algorithm is proposed that ensures the anonymity of source node’s identity and location. It also assures that the packets will reach their destination by passing through only trusted intermediate nodes.
- A new reliable Identity, Route and Location (r-IRL) privacy algorithm is proposed, which is the extension of our proposed IRL algorithm. This algorithm has the ability to forward packets from multiple secure paths to increase the packet reach-ability.
- A new data privacy mechanism is proposed, which is unique in the sense that it provides data secrecy and packet authentication in the presence of identity anonymity.

## 2. Related Work

#### 2.1. Privacy Schemes

_{walk}hops, 2) after that, the message is flooded using the baseline flooding technique. The major advantage of their scheme is the source location privacy protection, which improves as the network size and ntensity increase because of high path diversity. But on the other hand, if the network size increases, the flooding phase will consume more energy. This scheme does not provide identity privacy. Also, it is unable to provide data secrecy in the presence of identity privacy.

#### 2.2. Geographic Routing Schemes

## 3. Network, Assumptions and Adversary Model

#### 3.1. Network Model

#### 3.2. Assumptions

#### 3.3. Adversary Model

- Device-rich: the adversary is equipped with devices like antenna and spectrum analyzers, so that the adversary can measure the angle of arrival of the packet and received signal strength. These devices will help the adversary to find out the immediate sender of the packet and move to that node. This kind of hop-by-hop trace back mechanism will be carried out by the adversary until the actual sender node is reached.
- Resource-rich: the adversary has no resource constraint in computation power, memory or energy.

## 4. Proposed Scheme

#### 4.1. Concepts and Definitions

**Direction:**The first notion used in our algorithms is that of direction. The physical location of the base station is the reference point for each sensor node. Based on this reference point, each node classifies its neighboring nodes into four categories: (1) forward neighboring nodes (F), (2) right side backward neighboring nodes (B

_{r}), (3) left side backward neighboring nodes (B

_{l}), and (4) middle backward neighboring nodes (B

_{m}). The objective of this categorization is to provide more path diversity as discussed in Section 4.2. A node x classifies its neighboring node y in following fashion:

**Trust:**The second notion used in our algorithms is that of trust. The definition of a trust here is based on our other paper [19] and restated here.

_{x,y}is the total number of successful interactions of node x with y during time δt, and U

_{x,y}is the total number of unsuccessful interactions of node x with y during time δt. After calculating trust value, a node will quantize trust into three states as follows:

_{x}represents the set of trustworthy nodes for node x, M

_{x}the set of untrustworthy nodes for node x, and n is the total number of nodes that contains trustworthy, untrustworthy and uncertain nodes. The initial trust values of all nodes are 50, which represents the uncertain state. Initially f and g are equal to 25 and 17 respectively, although other values could also be used by keeping the following constraint intact: f

_{i}− g

_{i}≥ 1, which is necessary for keeping the uncertain zone between a trusted and untrustworthy zone. The values of f and g are adaptive. During the steady-state operation, these values can change with every passing unit of time which creates dynamic trust boundaries. At any stage, when |R

_{x}| or |M

_{x}| becomes zero, the value of f

_{j}

_{+1}or g

_{j}

_{+1}remains the same as the previous values (f

_{j}and g

_{j}). The nodes whose values are above 100 − f will be declared as trustworthy nodes (Equation 3), and nodes whose values are lower than 50 − g will be consider as untrustworthy nodes (Equation 3). After each passage of time, Δt, nodes will recalculate the values of f and g. This trust calculation procedure will continue in this fashion.

#### 4.2. Identity, Route, and Location Privacy (IRL)

_{F}) ∪ M(t

_{Br}) ∪ M(t

_{Bl}) ∪ M(t

_{Bm}). Here M(t

_{F}), M(t

_{Br}), M(t

_{Bl}), and M(t

_{Bm}) represent the set of trusted nodes that are in the forward, right backward, left backward, and middle backward directions, respectively. These neighbor sets (M(t

_{F}), M(t

_{Br}), M(t

_{Bl}), and M(t

_{Bm})) are initialized and updated whenever a change occur in neighborhood. For example, the entrance of a new node, change of a trust value, etc.

_{F}) (Line 2). If trusted nodes exists then it will randomly select one node as a next hop (Line 3) from the set M(t

_{F}) and forward the packet towards it (Lines 13:21). If there is no trusted node in its forward direction, then the source node will check the availability of a trusted node in the right (M(t

_{Br})) and left (M(t

_{Bl})) backward sets. If the trusted nodes are available then the source node will randomly select one node as a next hop (Line 3) from these sets and forward the packet towards it (Lines 13:21). If the trusted node does not exist in these sets either, then the source node will randomly select (Line 8) one trusted node from the backward middle set (M(t

_{Bm})) and forward the packet towards it (Lines 13:21). If there are no trusted nodes available in all of the sets then the packet will be dropped (Line 9:10).

1: | prev_{hop} ← ∅; next_{hop} ←∅; |

2: | if M(t_{F}) ≠ ∅ then |

3: | next_{hop}(k) = Rand(M (t_{F})); |

4: | else |

5: | if M(t_{Br}) ∪ M(t_{Bl}) ≠ ∅ then |

6: | next_{hop}(k) = Rand(M (t_{Br}) ∪ M (t_{Bl})); |

7: | else if M(t_{Bm} ≠ ∅ then |

8: | next_{hop}(k) = Rand(M (t_{Bm})); |

9: | else |

10: | Drop packet and Exit; |

11: | end if |

12: | end if |

13: | Set prev_{hop} = my_{id}; |

14: | Form pkt p = {prev_{hop}; next_{hop}; seqID; payload}; |

15: | Create Signature and save in buffer; |

16: | Forward packet to next_{hop}; |

17: | Set timer $\Delta t=\frac{D}{{d}_{{\mathit{next}}_{\mathit{hop}}}}\times {p}_{t};$ |

18: | while Δt = true do |

19: | Signature remains in buffer; |

20: | end while |

21: | Signature removed from buffer; |

_{F}) excluding the prev

_{hop}node if it belongs to forward set (Line 13). If trusted nodes exists in the forward set then the node will randomly select any one trusted node as a next hop (Line 14) and forward the packet towards it (Line 45). If there is no trusted node available in the forward direction, then it will check to which set the sender of the packet belongs to. For example, If the packet, forwarded by a node, belongs to the right backward set (Line 16), then it will first check whether the left or middle backward sets contain any trusted nodes (Lines 17:18). If so, it will randomly select one node from those sets (Line 19) and forward the packet towards it (Line 45). If there is no trusted node in those two sets, then the node will randomly select a trusted node from the right backward set (M(t

_{Br})) excluding the one from which the node received the current packet (Lines 20:21) and forward the packet towards it (Line 45). Similar operations will be performed, if the packet, forwarded by a node, belongs to the left (Lines 25:33) and middle backward or forward (Lines 34:43) sets. An example IRL routing scenario is shown in Figure 3.

1: | next_{hop} ← ∅; |

2: | M_{temp} = ∅ |

3: | if Signature of new packet already exists in buffer then |

4: | M_{temp} = {M_{temp}} + LasttimePrev_{hop} |

5: | M_{temp} = {M_{temp}} + LasttimeNext_{hop} |

6: | Set counter = timesReceviedBefore + 1; |

7: | Remove signature from buffer; |

8: | if counter = 3 then |

9: | Drop packet and exit; |

10: | end if |

11: | end if |

12: | M_{temp} = {M_{temp}} + prev_{hop} |

13: | if (M(t_{F}) − {M(t_{F}) ∩ M_{temp}}) ≠ ∅ then |

14: | next_{hop}(k) = Rand(M(t_{F}) − {M(t_{F}) ∩ M_{temp}}); |

15: | else |

16: | if packet came from B_{r} then |

17: | M_{temp}_{1} = M(t_{Bl}) ∪ M(t_{Bm}) |

18: | if M_{temp}_{1} ≠ ∅ then |

19: | next_{hop}(k) = Rand(M_{temp}_{1}); |

20: | else if M(t_{Br}) ≠ ∅ then |

21: | next_{hop}(k) = Rand(M(t_{Br}) − {M(t_{Br}) ∩ M_{temp}}); |

22: | else |

23: | Drop packet and Exit; |

24: | end if |

25: | else if packet came from B_{l} then |

26: | M_{temp}_{2} = M(t_{Br}) ∪ M(t_{Bm}) |

27: | if M_{temp}_{2} ≠ ∅ then |

28: | next_{hop}(k) = Rand(M_{temp}_{2} − {M_{temp}_{2} ∩ M_{temp}}); |

29: | else if M(t_{Bl}) ≠ ∅ then |

30: | next_{hop}(k) = Rand(M(t_{Bl}) − {M(t_{Bl}) ∩ M_{temp}}); |

31: | else |

32: | Drop packet and Exit; |

33: | end if |

34: | else |

35: | M_{temp}_{3} = M(t_{Br}) ∪M(t_{Bl}) |

36: | if M_{temp}_{3} ≠ ∅ then |

37: | next_{hop}(k) = Rand(M_{temp}_{3} − {M_{temp}_{3} ∩M_{temp}}); |

38: | else if M(t_{Bm}) ≠ ∅ then |

39: | next_{hop}(k) = Rand(M(t_{Bm}) − {M(t_{Bm})∩M_{temp}}); |

40: | else |

41: | Drop packet and Exit; |

42: | end if |

43: | end if |

44: | end if |

45: | Rest is same as Algorithm 1 from lines 13:21; |

_{t}is the propagation transfer time between the forwarding node and the next hop. This signature consists of two fields: (1) sequence number of the packet, and (2) the payload. The potential of the signature to compare and identify the same packet is detailed in the later section. Corresponding to this signature, three more fields are also stored in the buffer: (1) previous hop identity, (2) next hop identity where the packet is forwarded, and (3) counter, that tells how many times the same packet is received by the node. This information will later be used to get rid of any cycle. The size of the buffer is mainly dependent on the network traffic conditions. However, it is expected to be low due because the sensor nodes sent data either in periodic intervals or upon the occurrence of some event.

_{hop}contained in the packet with its own (Algorithm 1, Line 13). After that, the node will get the next forwarding node next

_{hop}(as described earlier) and update the header of the packet p = {prev

_{hop}, next

_{hop}, payload} (Line 14). After modification of the two header fields, the node will forward the packet (Line 16). In this way, all the intermediate forwarding nodes replace the source and next hop’s identity contained in the packet p. This process will go on until the packet reaches the base station.

#### 4.3. Reliable Identity, Route, and Location Privacy (r-IRL)

#### 4.4. Data Privacy

_{x}) and the actual data (d). Identity is encrypted with the public key ( ${k}_{\mathit{bs}}^{+}$) of the base station and data is encrypted with the secret key (k

_{x,bs}) shared between the sender node and the BS. Both are appended with the payload as shown below:

_{n}) (equivalent to the size of identity) with the identity of a node and then perform encryption. Now the payload is:

## 5. Analysis and Evaluation

#### 5.1. Security Resiliency Analysis

**Notations and definitions:**Denote a generic node by m. The set of neighbors of m is denoted by N

_{m}, which also includes m itself. The number of forward and backward nodes of m is denoted by m

_{f}and m

_{b}respectively. If a node a is a backward node of m, then we denote it as a → m. We say that a node a is in the backward set of node m, if a → a

_{1}→ . . . a

_{r}→ m, for some nodes a

_{1}, . . . a

_{r}where r ≥ 0. For compact notation we will denote this as a →

^{r}m, if the IDs of the intermediate nodes are not significant. We will also use the notation →

^{r}m to denote a generic node, who is r links (hops) away from m. Define the backward set C

_{m}of m as C

_{m}= {a|a →

^{r}m, r ≥ 0}, that is the set of all the possible nodes such that they have a forward link to m. Denote the base station as B. It will also be seen as another node. Let the total number of nodes in the network excluding the base station be N. We will use the term “adversary is in possession of a node” to indicate that the adversary can passively listen to any communication within the radio range of that node.

**Claim 1:**Suppose 𝒜 is in possession of B. Let B

_{b}be the number of backward nodes of the base station (nodes one hop away from the base station). Then for any packet q received by B and for large enough N:

_{b}be the number of backward nodes to the base station. The packet could only have come from one of the nodes in N

_{B}− {B} (which only contains backward nodes to B). Since the nodes are just a hop away from the BS, so they will not send the packet to another node. Hence for large N we have:

**Claim 2:**Suppose 𝒜 is in possession of a node m. Let c = |C

_{→2m}| denote the number of backward nodes in backward set C

_{→2m}of some node →

^{2}m. Then,

_{m}are the senders, then the packet was forwarded by a node i that is two hops away from m. The adversary knows the ID of that node through the packet q. Thus the adversary makes a list of all the possible backward nodes in the backward set of i. Let that number be denoted by c. Notice that node i could also be the possible sender. Hence the total number of possible senders would be c + 1. We have:

_{1}and m

_{2}. We can safely assume that N

_{m1}∩ N

_{m2}= φ, since it would be more advantageous to the adversary to cover nodes with non-overlapping radio ranges. The adversary will always know whenever any node in N

_{m1}or N

_{m2}is the sender of a packet. How about the case when they are not the senders? There could be two possible cases: without loss of generality, first assume that m

_{2}∈ C

_{m1}. If the packet q was received by some node in N

_{m1}and was received by some node in N

_{m2}before, then the adversary had already checked it when the packet was sent to a node in N

_{m1}. Thus the adversary need only check packets received in N

_{m1}that were not received by N

_{m2}. In this case, the sender cannot be in N

_{m2}. In any case, the adversary has to find out the backward sets of →

^{2}m

_{1}or →

^{2}m

_{2}, depending on where the packet was received. Since, in the adversary’s knowledge, all nodes are equally likely to be senders, the probability of a packet being received at the two sets is the same. In case m

_{2}∉ C

_{m1}, then the adversary has no real advantage except that it can see packets at two disjoint locations in the network. Thus we only state the case when m

_{2}∈ C

_{m1}. We have the following result:

**Claim 3:**Suppose the adversary is in possession of two nodes m

_{1}and m

_{2}. Assume further that m

_{2}∈ C

_{m1}. Let c

_{1}= |C

_{→2m1}| and c

_{2}= |C

_{→2m2}| then:

**Claim 4:**Let us assume that A is in possession of k nodes m

_{k}→

^{r1}⋯ →

^{rk−2}m

_{2}→

^{rk−1}m

_{1}and let m

_{f}and m

_{b}denote the average number of forward and backward nodes averaged over all the k nodes. Let t = m

_{f}+ m

_{b}+ 1. Let for 1 ≤ i ≤ k, c

_{i}= |C

_{→2mi}|, then:

**Observations:**The probability is lowest when the adversary is actually at the base station. If the adversary has more nodes in possession, the probability increases linearly, with more success rate when the nodes are actually connected. This also shows that if a packet originates from any node that does not have a backward node, the adversary will always know the sender. This drawback can be avoided by requiring all nodes to have backward nodes. In other words, avoid a tree topology.

#### 5.2. Memory Consumption Analysis

_{x−bs}. Therefore, total memory required at the sensor node for our proposed scheme is: $M\left(26+32\Delta t\right)+{k}_{\mathit{bs}}^{+}+{k}_{x,bs}$.

- In our proposed schemes, packets always follow different routes. Therefore, the probability of a single node to be overloaded is very low.

#### 5.3. Energy Consumption Analysis

- Phantom single path routing scheme with hop-based approach (PSR-hop).
- Phantom single path routing scheme with sector-based approach (PSR-sec).
- Phantom flood routing scheme with hop-based approach (PFR-hop).
- Phantom flood routing scheme with sector-based approach (PFR-sec).

_{walk}=10 (as recommended in [3]). Figure 6 clearly indicates that, the IRL and r-IRL schemes consume less energy as compared to the PSR-sec, PFR-hop and PFR-sec schemes but slightly consume higher energy as compared to the PSR-hop scheme. This is due to the fact that the IRL and r-IRL algorithms provides more path diversity and packets sometimes took longer paths.

#### 5.4. Path Diversity Analysis

- Length variation: Path could be long or short and mainly dependent on routing scheme. For example, packets always reach to the destination via shortest path. In this scheme, packets may reach to the destination via longer path if any node is not working properly within the shortest available path. With respect to the route privacy, length variation provides minimum route privacy. If we have longer paths, then it will increase time for an adversary to find out actual source node or vice versa. So, the longer path increases safety time.
- Path variation: Each packet may follow different route. It is also dependent on routing strategy. For example, routing scheme make decision about next hop based on the energy level of neighboring nodes. With this approach, one can achieve limited path variation. With respect to the route privacy, if we have more path variation, then it will become clueless for an adversary to guess from where next packet will come.

_{b}for a node i to relay the packet in the backward direction is:

_{f}represents the number of nodes in the forward direction. Figure 8 shows the result of 100 simulation runs in which we have assumed that each node has equal probability to be trusted and un-trusted. It shows that, as the neighborhood size increases, the probability of the packet to move in the backward direction decreases sharply.

#### 5.5. Discussion

## 6. Conclusions and Future work

^{†}This paper is an extended version of our paper entitled “Network level privacy for wireless sensor networks” that has been published in proceedings of the 4^{th}International Conference on Information Assurance and Security (IAS 08), that was held in Naples, Italy in September 2008 (pp. 261–266).

## Acknowledgments

## References and Notes

- Xi, Y.; Schwiebert, L.; Shi, W. Preserving Source Location Privacy in Monitoring-Based Wireless Sensor Networks. Proceedings of Parallel and Distributed Processing Symposium (IPDPS 2006), Rhodes Island, Greece; 2006. [Google Scholar]
- Habitat monitoring on Great Duck Island (Maine, USA). 2002. Available online: http://ucberkeley.citris-uc.org/research/projects/great_duck_island (accessed on 21 August, 2009).
- Ozturk, C.; Zhang, Y.; Trappe, W. Source-Location Privacy in Energy-Constrained Sensor Network Routing. Proceedings of the 2nd ACM workshop on Security of Ad hoc and Sensor Networks, Washington, DC, WA, USA; 2004; pp. 88–93. [Google Scholar]
- Kamat, P.; Zhang, Y.; Trappe, W.; Ozturk, C. Enhancing Source-Location Privacy in Sensor Network Routing. Proceedings of the 25th IEEE International conference on Distributed Computing Systems, Columbus, OH, USA; 2005; pp. 599–608. [Google Scholar]
- Misra, S.; Xue, G. Efficient Anonymity Schemes for Clustered Wireless Sensor Networks. Int. J. Sens. Netw
**2006**, 1, 50–63. [Google Scholar] - Wood, A.D.; Fang, L.; Stankovic, J.A.; He, T. SIGF: A Family of Configurable, Secure Routing Protocols for Wireless Sensor Networks. Proceedings of the 4th ACM Workshop on Security of Ad Hoc and Sensor Networks, Alexandria, VA, USA; 2006; pp. 35–48. [Google Scholar]
- Ouyang, Y.; Le, Z.; Chen, G.; Ford, J.; Makedon, F. Entrapping Adversaries for Source Protection in Sensor Networks. Proceedings of the 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM’06), Niagara-Falls, Buffalo, NY, USA; 2006; pp. 23–34. [Google Scholar]
- Zorzi, M.; Rao, R.R. Geographic Random Forwarding (GeRaF) for Ad Hoc and Sensor Networks: Multihop Performance. IEEE Tran. Mob. Comput
**2003**, 2, 337–348. [Google Scholar] - Zorzi, M.; Rao, R.R. Geographic Random Forwarding (GeRaF) for Ad Hoc and Sensor Networks: Energy and Latency Performance. IEEE Tran. Mob. Comput
**2003**, 2, 349–365. [Google Scholar] - Capone, A.; Pizziniaco, L.; Filippini, I.; de la Fuente, M.G. SiFT: An Efficient Method for Trajectory Based Forwarding. Proceedings of International Symposium on Wireless Communication Systems, Siena, Italy; 2005; pp. 135–139. [Google Scholar]
- Blum, B.; He, T.; Son, S.; Stankovic, J. IGF: A State-Free Robust Communication Protocol for Wireless Sensor Networks; Technical Report CS-2003-11; Department of Computer Science, University of Virginia, USA; 2003. [Google Scholar]
- RYU, J.; Kim, S.G.; Choi, H.H.; An, S.S.; Ahn, S.Y.; Kim, B.J. Method and System for Locating Sensor Node in Sensor Network Using Transmit Power Control. U.S. Patent Application: 2009/0128298 A1. 2009. [Google Scholar]
- Barbeau, M.; Kranakis, E.; Krizanc, D.; Morin, P. Improving Distance Based Geographic Location Techniques in Sensor Networks. Proceedings of 3rd International Conference on Ad Hoc Networks and Wireless, Vancouver, British Columbia; 2004; pp. 197–210. [Google Scholar]
- Perrig, A.; Szewczyk, R.; Tygar, J.D.; Wen, V.; Culler, D.E. SPINS: Security Protocols for Sensor Networks. Wirel. Netw
**2002**, 8, 521–534. [Google Scholar] - Karlof, C.; Sastry, N.; Wagner, D. TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems, Baltimore, MD, USA; 2004; pp. 162–175. [Google Scholar]
- Lopez, J. Unleashing Public-Key Cryptography inWireless Sensor Networks. J. Comput. Security
**2006**, 14, 469–482. [Google Scholar] - Gaubatz, G.; Kaps, J.-P.; Sunar, B. Public Key Cryptography in Sensor Networks-Revisited. Lect. Note. Comput. Sci
**2006**, 3313, 2–18. [Google Scholar] - Armenia, S.; Morabito, G.; Palazzo, S. Analysis of Location Privacy/Energy Efficiency Tradeoffs in Wireless Sensor Networks. IFIP-Networking 2007, LNCS 4479, Atlanta, GA, USA, 2007; 215–226. [Google Scholar]
- Shaikh, R.A.; Jameel, H.; d’Auriol, B.J.; Lee, H.; Lee, S.; Song, Y.-J. Intrusion-Aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks. Sensors
**2009**, 9, 5989–6007. [Google Scholar] - Shaikh, R.A.; Jameel, H.; Lee, S.; Song, Y.J.; Rajput, S. Trust Management Problem in Distributed Wireless Sensor Networks. Proceedings of 12th IEEE International Conference on Embedded Real Time Computing Systems and its Applications (RTCSA 2006); IEEE Computer Society: Sydney, Australia, 2006; pp. 411–415. [Google Scholar]
- Jiang, P. A New Method for Node Fault Detection in Wireless Sensor Networks. Sensors
**2009**, 9, 1282–1294. [Google Scholar] - Shaikh, R.A.; Jameel, H.; J. d’Auriol, B.; Lee, H.; Lee, S.; Song, Y.-J. Group-based Trust Management Scheme for Clustered Wireless Sensor Networks. IEEE Trans. Parallel Dist. Sys
**2009**, 20, 1698–1712. [Google Scholar] - Buchegger, S.; Boudec, J.-Y.L. A Robust Reputation System for Peer-to-Peer and Mobile Ad-hoc Networks. Proceedings of P2PEcon, Cambridge, MA, USA; 2004. [Google Scholar]
- Gupta, S. Automatic Detection of DOS Routing Attacks in Wireless Sensor Networks, Master thesis, University of Houston, Houston, TX, USA. 2006.
- Du, X.; Guizani, M.; Xiao, Y.; Chen, H.H. Two Tier Secure Routing Protocol for Heterogeneous Sensor Networks. IEEE Trans. Wirel. Commun
**2007**, 6, 3395–3401. [Google Scholar] - Karlof, C.; Wagner, D. Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures. Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications (WSNA03); IEEE Computer Society: Anchorage, Alaska, USA, 2003; pp. 113–127. [Google Scholar]
- Srinivasan, A.; Teitelbaum, J.; Liang, H.; Wu, J.; Cardei, M. Reputation and Trust-based Systems for Ad Hoc and Sensor Networks. In Algorithms and Protocols for Wireless Ad Hoc and Sensor Networks; Boukerche, A., Ed.; Wiley & Sons: New Jersey, NJ, USA, 2006. [Google Scholar]
- Durresi, A.; Paruchuri, V.; Durresi, M.; Barolli, L. Anonymous routing for mobile wireless ad hoc networks. Int. J. Distrib. Sens. Netw
**2007**, 3, 105–117. [Google Scholar] - Pfleeger, C.P.; Pfleeger, S.L. Security in Computing, 4th ed.; Prentice Hall: New Jersey, NJ, USA, 2006. [Google Scholar]
- Latif, R.; Hussain, M. Hardware-Based Random Number Generation in Wireless Sensor Networks(WSNs). Lect. Not. Comput. Sci
**2009**, 5576, 732–740. [Google Scholar] - Seetharam, D.; Rhee, S. An Efficient Pseudo Random Number Generator for Low-Power Sensor Networks. Proceedings of Annual IEEE International Conference on Local Computer Networks (LCN’04), Tampa, FL, USA; 2004. [Google Scholar]
- Tilak, S.; Abu-Ghazaleh, N.B.; Heinzelman, W. A Taxonomy of Wireless Micro-Sensor Network Models. SIGMOBILE Mob. Comput. Commun. Rev
**2002**, 6, 28–36. [Google Scholar] - Shaikh, R.A.; Lee, S.; Khan, M.A.U.; Song, Y.J. LSec: Lightweight Security Protocol for Distributed Wireless Sensor Network. Lect. Not. Comput. Sci
**2007**, 4217, 367–377. [Google Scholar] - Jamieson, K.; Balakrishnan, H.; Tay, Y.C. Sift: A MAC Protocol for Event-DrivenWireless Sensor Networks. Lect. Not. Comput. Sci
**2006**, 3868, 260–275. [Google Scholar] - Lee, S.H.; Cho, B.-H.; Choi, L.; Kim, S.-J. Event-Driven Power Management for Wireless Sensor Networks. Lect. Not. Comput. Sci
**2007**, 4761, 419–428. [Google Scholar] - Figueiredo, C.M.S.; Nakamura, E.F.; Loureiro, A.A.F. A Hybrid Adaptive Routing Algorithm for Event-Driven Wireless Sensor Networks. Sensors
**2009**, 9, 7287–7307. [Google Scholar] - Al-Karaki, J.N.; Kamal, A.E. Routing Techniques in Wireless Sensor Networks: A Survey. IEEE Wirel. Commun
**2004**, 11, 6–28. [Google Scholar] - Chenyang, Lu; Blum, B.M.; Abdelzaher, T.F.; Stankovic, J.A.; He, T. RAP: A Real-Time Communication Architecture for Large-Scale Wireless Sensor Networks. Proceedings of 8th IEEE Real-Time and Embedded Technology and Applications Symposium, San Jose, CA, USA; 2002; pp. 55–66. [Google Scholar]
- Amin, S.O.; Siddiqui, M.S.; Hong, C.S.; Lee, S. RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks. Sensors
**2009**, 9, 3447–3468. [Google Scholar] - Bloom, B.H. Space/Time Trade-Offs in Hash Coding with Allowable Errors. Commun. ACM
**1970**, 13, 422–426. [Google Scholar] - Szymanski, B.K. SENSE: Sensor Network Simulator and Emulator. Available Online: http://www.ita.cs.rpi.edu/sense/index.html (accessed on 25 April, 2009).
- Crossbow Inc. Wireless Sensor Networks, MICA2 Series. Available Online: http://www.xbow.com (accessed on 21 June, 2008).

**Figure 5.**Memory consumption analysis: N= 100; K=8 bytes; Δt = 5; ${k}_{\mathit{bs}}^{+}=20$ bytes; k

_{x−bs}= 8 bytes.

PFR [3] | PSR [4] | SAS &CAS [5] | CEM [7] | SIGF [6] | GeRaF [8, 9] | SiFT [10] | |
---|---|---|---|---|---|---|---|

Required information for routing | ID of destination | Routing table (e.g., destination ID, #of hops etc.) | Depending on a routing scheme | Depending on a routing scheme | Own, destination, & neighborhood locations | Own and destination location | Destination trajectory and own location |

Transmission mechanism | 1st phase: Point-to-point; 2nd phase: Broadcast | Point-to-point | Depending on a routing scheme | Depending on a routing scheme | Point-to-point | Broadcast | Broadcast |

Decision place for forwarding | 1st phase: Transmitter; 2nd phase: Receiver | Transmitter | Depending on a routing scheme | Depending on a routing scheme | Transmitter | Receiver | Receiver |

Criteria for forwarding packet to next hop | 1st phase: random; 2nd phase: flooding | 1st phase: random; 2nd phase: shortest in terms of hops | Depending on a routing scheme | Depending on a routing scheme | Randomly select any trusted node lies in forwarding region | Node that is closer to the destination in terms of location | Node that is closer to the destination in terms of trajectory |

Identity privacy | Not Available | Not Available | Available | Not Available | Not Available | Not Applicable | Not Applicable |

Route privacy | Available | Available | Depending on a routing scheme | Depending on a routing scheme | Available | Available | Available |

Location privacy | Available | Available | Not Available | Available | Available | Not Applicable | Not Applicable |

Data privacy | Not Available | Not Available | Available | Available | Available | Not Applicable | Not Applicable |

Neighbor nodeID (Integer) | Direction | Past interactions based on time window | Trust value | |||||
---|---|---|---|---|---|---|---|---|

Successful interactions (S_{x,y}) | Unsuccessful interactions (U_{x,y}) | |||||||

1 | F (00) | 10 | ... | 5 | 4 | ... | 1 | 90 |

2 | B_{R} (01) | 2 | ... | 4 | 8 | ... | 2 | 25 |

⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ |

M | B_{L}(11) | 5 | … | 7 | 0 | … | 3 | 70 |

PFR [3] | (16+1)M bits |

PSR [4] | (16+16+1)M bits |

SAS [5] | K(4M+2N)+16M bits |

CAS [5] | K(6+7M)+16M bits |

IRL / r-IRL | $M\left(26+32\Delta t\right)+{k}_{\mathit{bs}}^{+}+{k}_{x,bs}\text{bits}$ |

Network specific | Number of nodes | 300 |

Distance b/w nodes | 50 units | |

Mobility of nodes | zero | |

Node specific | Sensor node’s Initial battery | 1 × 10^{6}J |

Power consumption for trans. | 1.6W | |

Power consumption for recv. | 1.2 W | |

Idle power consumption | 1.15W | |

Carrier sense threshold | 3.65e^{−10}W | |

Receive power threshold | 1.55e^{−11}W | |

Frequency | 9.14e^{8} | |

Trans. & Recv. antenna gain | 1.0 | |

Protocol & Application specific | Application | CBR |

Reliability param. r for r-IRL | 3 | |

h_{walk} param. for PFR & PSR | 10 |

© 2010 by the authors; licensee Molecular Diversity Preservation International, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/).

## Share and Cite

**MDPI and ACS Style**

Shaikh, R.A.; Jameel, H.; D’Auriol, B.J.; Lee, H.; Lee, S.; Song, Y.-J.
Achieving Network Level Privacy in Wireless Sensor Networks. *Sensors* **2010**, *10*, 1447-1472.
https://doi.org/10.3390/s100301447

**AMA Style**

Shaikh RA, Jameel H, D’Auriol BJ, Lee H, Lee S, Song Y-J.
Achieving Network Level Privacy in Wireless Sensor Networks. *Sensors*. 2010; 10(3):1447-1472.
https://doi.org/10.3390/s100301447

**Chicago/Turabian Style**

Shaikh, Riaz Ahmed, Hassan Jameel, Brian J. D’Auriol, Heejo Lee, Sungyoung Lee, and Young-Jae Song.
2010. "Achieving Network Level Privacy in Wireless Sensor Networks" *Sensors* 10, no. 3: 1447-1472.
https://doi.org/10.3390/s100301447