Source location privacy in wireless sensor networks using data mules.

1
Source Location
privacy in wireless
sensor networks using
data mules

2
Chapters
1. Abstract 3
2. Introduction 4
2.1. Source-Location Privacy 5
2.2. Why Source-Location Privacy? 5
3. Related Works 7
4. Solutions for providing source location privacy 9
5. System Model 12
6. Preliminaries 12
7. Attack Model 12
7.1. α-Angle Anonymity 13
8. Mules-Saving-Source Protocol(MSS) 14
9. Direct Delivery Protocol (DD) 16
10. Proposed Model: MDD Protocol 18
10.1. Working of MDD Protocol 19
11. Experiments and Results 22
11.1. Proposed Simulation Model 23
11.2. Results 27
11.3. Average time delay of MDD Protocol 36
12. Comparison with Direct Delivery Protocol 36
12.1. Result analysis of DD and MDD Protocol 37
12.2. Advantages of MDD protocol 38
12.3. Disadvantages of MDD protocol 38
13. References 39

3
1. Abstract
Wireless sensor networks (WSNs) have many promising applications for monitoring critical
regions, such as in military surveillance and target tracking. In such applications, privacy of the
location of the source sensor is of utmost importance as its compromise may reveal the location
of the object being monitored. Traditional security mechanisms, like encryption, have proven to
be ineffective as location of the source can also be revealed by analysis of the direction of traffic
flow in the network.
In this paper, we investigate the source-location privacy issue and discuss the attack model as
semi-global eavesdrop attack model being more realistic than the local or global eavesdropping
attack model. Additionally, we adapt the conventional function of data mules to design a new
protocol for securing source location privacy called the Modified-Direct-Delivery (MDD)
protocol and analyze its capabilities, limitations and drawback against two other protocols called
the Mules-Saving-Source (MSS) protocol and Direct-Delivery (DD) protocol.
We analyze the delay incurred by using data mules in our protocol and examine the association
between privacy preservation and data delay in our protocol through simulation.
Keywords: source location privacy, data mules, wireless sensor networks, mules saving source
protocol, direct delivery protocol

4
2. Introduction
In recent years, WSNs have played an important role in a number of security applications, like
remotely monitoring objects etc. In such applications, the location of the monitored object is
tightly coupled with the sensor that detects it, called the data source. Therefore, preserving the
location of data source is important for protecting the object from being traced. Such a
preservation cannot be simply accomplished by encrypting the data packets as the location of the
data source can be disclosed by analyzing the traffic flow in WSNs.
There have been extensive techniques proposed to preserve source-location privacy against
different attack models:
Local-eavesdropping model - Local-eavesdropping assumes the attacker’s ability to monitor the
wireless communication is limited to a very small region, up to very few hops.
Global-eavesdropping model - The attacker is assumed to be capable of monitoring the traffic
over the entire network.
Both being unrealistic, because the former stringently restricts the attacker’s ability, while the
latter exaggerates it, considering resources and cost required for launching such an attack.
Semi-Global eavesdropping model - A more practical attack model, in this semi-global
eavesdropping model, the attacker is able to eavesdrop on wireless communications in a
substantial area that is much smaller than the entire monitoring network. This attack model
allows the attacker to gather substantially more information than a local eavesdropper.
Under the semi-global eavesdropping model, we explore a novel protocol for preserving source-
location privacy by using data mules. Traditionally, data mules are used in WSNs for reducing
energy consumption due to the data transmission between sensors and facilitating
communication in disconnected networks. A data mule picks up data from the data source and
then delivers them directly to the base station. We adapt the functionality of data mules so that
they not only maintain their traditional functionality, but also facilitate the preservation of the
location privacy of data sources.

5
2.1. Source-Location-Privacy
The problem of preserving source-location privacy can be explained using the “Panda Hunter
Game”, in which the sensors are deployed in the forest to monitor the movement of pandas. Each
panda is mounted with an actuator which signals to the surrounding sensors in its communication
range. When the sensor close to the panda receives the signal, it creates and sends data reports to
the base station over the wireless network. A hunter who is monitoring the wireless
communication between the sensors will be able to identify the direction of incoming traffic flow
and trace back the data transmission path to locate the data source, thus catching the panda. In
fact, any WSNs used for such monitoring applications are vulnerable to such kinds of traffic
analysis based attacks.
2.2. Why source-location-privacy?
In a wireless sensor network, location information often means the physical location of the event,
which is crucially given some applications of wireless sensor networks. So if an attacker gets
location information by analyzing a message that was captured, he will move to the location and
monitor the event. Meanwhile, the attacker will collect a lot of private information. So the
information retrieved by these networks is of vital importance and must be properly secured not
only from curious eavesdroppers but also from more skilled adversaries. Messages traversing the
network can be protected using traditional confidentiality and integrity mechanisms. But, even if
an adversary cannot obtain the information contained in the payloads, he can still retrieve other
sensitive information by observing and analyzing the communications. For example, an attacker
can obtain the information from the network and the environment being monitored by simple
observation of the network traffic. Besides, an attacker can compromise users’ location privacy
by observing the wireless signals from user devices
Although many existing privacy techniques can be employed in sensor network scenarios, they
cannot effectively preserve the sensor location in a sensor network. The reason is that the
problems are different in fact and many of the methods introduce overhead which are too

6
burdensome for sensor networks. And many techniques do not consider the capacity, computing
power, and power of sensors, which are the limiting factors in wireless sensor networks. And
some techniques analyze privacy and anonymity issues and propose solutions by manipulating
the message contents. In contrast to their schemes, this paper addresses the location privacy
threat due to the physical wireless medium that allows the adversary to perform traffic analysis
to derive the message flows.
In wireless sensor networks, minimization of energy consumption is considered a major
performance criterion to provide maximum network lifetime. Ant colony optimization
algorithms simulating the behavior of ant colony have been successfully applied in many
optimization problems such as vehicle routing and the asymmetric traveling salesman as well as
routing in wireless sensor networks

7
3. Related Works
In wireless sensor networks, it is important to provide confidentiality to the sensor’s location. In
this section, we describe previous proposed technologies that were designed to preserve the
source location in wireless sensor networks.
For a more comprehensive taxonomy of techniques of preserving privacy in WSNs, readers may
refer to the state-of-the-art survey
Fan et al. [02] preserve location privacy by using homomorphic encryption operations to prevent
traffic analysis in network coding. In [03], each cluster header can filter the dummy packets
received from the sensor nodes of its cluster to reduce the number of dummy packets. However,
the scheme requires much computation overhead due to using asymmetric-key cryptography, and
the packet delivery delay is long because the cluster header sends packets with a fixed rate
regardless of the number of events it collects.
Mehta et al. [04] formalize the location privacy problem using a global adversary model and
compute a lower bound for the overhead required for achieving a given level of privacy
protection.
The proposed scheme by Alomair et al. [05] can guarantee event indistinguishability by achieving
interval indistinguishability, where the adversary cannot distinguish between the first, the
middle, or the end of the interval.
In [06], dummy packets can be filtered at proxy nodes, and the lifetime of the WSN is analyzed at
different proxy assignment methodologies. Hong et al. [07] propose a scheme that can thwart time
correlation attack. In this attack, the adversary exploits the time correlation of transmissions in
successive links to learn the end-to-end route.
Zhou and Yow [08] propose an anonymous geographic routing algorithm which includes three
components to avoid the explicit exposure of identity and location in communication.
For local-eavesdropping based attack, flooding based approach was first introduced in [10], where
each sensor broadcasts data that it receives to all its neighbors. However, this technique suffers
from high communication overhead for sensors.
In [09], each data packet is first relayed to a randomly selected intermediate sensor in the network
and then is forwarded towards base station along the shortest path.

8
In [01], FitProbRate is proposed to maintain source anonymity, which is an exponentially
distributed dummy traffic generation scheme. The Fitprob parameter decides the dummy traffic
generated at a dynamic rate, which differs from other similar works. It is a great improvement
over source simulation and fake sources but still has the drawback of having overhead due to
dummy packet generation.

9
4. Solutions for providing source location privacy
1. Random Walk: The aim of the “random walk” approach is to have packets follow a random
route through the network. The random walk should make a packet’s path look completely
random to an adversary in order to counter the adversarie’s traffic analysis and hop-by-hop
traces. Solutions in this category use either a technique derived from the random walk, as
described by Ozturk et al[10], or a technique that results in a similar pattern, such as rumor
routing from Braginsky et al and routing through randomly selected intermediary node from
Li et al.
The following solutions are part of this category: angle based multi-intermediate nodes
selection ,the directed random walk, the greedy random walk, the location privacy support
scheme, the mules saving- source protocol, opportunistic routing, phantom routing, phantom
routing with location angle, phantom single-path routing, random routing, the random routing
scheme, routing through randomly selected intermediary node, the self-adjusting directed
random walk, and a combination of different solutions.
2. Geographic Routing: Solutions in this category use the physical location of the nodes
together with geographic routing algorithms to route packets through the WSN. Geographic
routing algorithms take the position of a node, its neighbor’s, and the sink into account, in
order to route a packet from the source to the sink. The solutions in this section make use of
additional methods, such as the usage of synonyms, encryption, and random intermediary
node selection to hide the flow of the traffic against a local adversary.
3. Delay: This category consists of solutions that alter the flow of the traffic as follows. Each
node buffers incoming packets and holds a packet for a random time before forwarding. As a
result, nodes alter the chronological order of the packets: they send the packets in a different
order than how they received them. As the chronological order of the packet change, so does
the traffic pattern. The change of the traffic pattern makes it hard for a local adversary to
track the traffic to the actual source.

10
4. Using dummy data sources: Solutions in this category introduce dummy traffic to alter the
real traffic. The aim is that an adversary should no longer be able to see which part of the
traffic is real, and which part is fake. In this category, we found the following solutions :
aggregation-based source location protection scheme, a real and a fake cloud-based scheme
for protecting source location privacy, constant rate , the dynamic bidirectional tree,
distributed resource allocation algorithm, dummy wake-up scheme , fake sources 1 and fake
sources 2, fitted probabilistic rate , the group algorithm for fake-traffic generation, globally
optimal algorithm, the heuristic greedy algorithm , mixes , the optimal filtering scheme,
periodic collection, persistent fake source routing, the probabilistic algorithm , proxy-based
filtering , SECLOUD, short-lived fake source routing, source simulation , the timed efficient
source privacy preservation, the timing analysis resilient protocol, tree based filtering ,the
trusted computing enabled heterogeneous WSN , unobservable handoff trajectory , and the
zigzag bidirectional tree.
5. Cyclic Entrapment: The solutions in this category aim at confusing the adversary by
shaping the traffic between nodes in cyclic patterns. A local adversary, who tracks the traffic
between the nodes, will travel in circles without finding the actual source. This category
consists of two solutions: cyclic entrapment method and information hiding in distributing
environments.
6. In Network Location Anonymization: Solutions in this category hide either the identity or
the location of a node. The following solutions are part of this category: the anonymous
communication scheme, anonymous path routing, the cryptographic anonymity scheme,
destination controlled anonymous routing protocol for sensor nets, hashing based ID
randomization, max query aggregation, phantom ID, the probabilistic destination controlled
anonymous routing protocol for sensor nets, the reverse hashing ID randomization, and the
simple anonymity scheme.
7. Cross-layer Routing: With cross-layer routing, the nodes use the beacon frames, which are
normally only used for network maintenance, to share information on sensed events. Local
adversaries, which normally only listen to the network level packets, miss part of the

11
information exchange, and do not find the real source. This category has two solutions: the
cross-layer solution and the double cross-layer solution.
8. Separate Path Routing: A local adversary often needs multiple packets along the same
route to track the actual source. The solutions based on separate path routing make sure that
the packets travel via different nonintersecting paths from source to sink. Using separate
paths leads to fewer packets per path, which delays the local adversary in its tracking, or even
makes the adversary unable to track the actual source at all. This category consists of random
parallel routing, weighted random stride routing, and weighted random stride routing towards
a global viewing adversary.
9. Network Coding: In network coding, each node cuts up its message and sends it out in
smaller pieces. These pieces are then forwarded via different routes towards the sink. This
category consists of the solutions from Fan et al as they propose to use network coding to
provide SLP.
10. Limit Node Delectability: This category consists of solutions that limit the transmission
power of the nodes to make them harder to detect. We have identified the following solutions
in this category: anti localization by silencing, context-aware location privacy, hidden
anchor, hyberloc, lowering radio transmission power, and multi cooperator power control.
From the above mentioned techniques we will be presenting two already developed privacy
protocols and then propose the modified protocol for privacy in wireless sensor networks.

12
5. System Model[10]
The terrain of our underlying network is a finite two-dimensional grid, which is further divided
into cells of equal size. The network is composed of one base station, static sensors, and mobile
agents, called data mules.
Static sensors - All static sensors are homogeneous with the same lifetime and capabilities of
storage, processing as well as communication. They are deployed uniformly at random in the
cells, and assumed to guarantee the connectivity of the network.
Data mules - Data mules are the mobile agents which can be artificially introduced in the
network [10]. We assume they move independently and do not communicate with each other.
Also, they are assumed to know their own locations when they are moving all the time. Their
mobility pattern can be modeled as a random walk on the grid, whereby in each transition it
moves with equal probability to one of the horizontally or vertically adjacent cells. After a data
mule moves into a cell, it stays there for tpause time period before its next transition.
At the beginning of the pause interval, the data mule announces its arrival by broadcasting Hello
Message. Only data source will respond and relay buffered data to the data mule. We assume the
data mule does not communicate with sensors when moving. The data mule’s communication
range is larger than that of a sensor, thus a data source which cannot directly transmit data to
the data mule will use multi-hop routing.
6. Preliminaries
In this section, we will first introduce our attack model and then propose a linear-regression
based approach for analyzing data traffic. Furthermore, we will demonstrate the effectiveness of
out attack model by compromising the phantom routing protocol [11]. Finally, we will define the
α-angle anonymity model for studying the location privacy preservation of data source.
7. Attack Model
We assume the attacker is capable of launching only passive attacks, in which he can only
monitor the traffic transmission but not decrypt or modify data packets. Suppose the attacker
monitors the radio transmissions between sensors in a circular area of radius Ratt. Larger the

13
monitoring area, stronger the attacker. If the monitoring area is large enough to cover the whole
network, it is global eavesdropping; on the other hand, if the area is limited only to a few hops, it
is local eavesdropping. However, we define semi-global eavesdropping as whose strength lies in
between the two extreme attack models. In addition, we believe without any prior knowledge of
source location, the attacker is inclined to launch the attack by collecting traffic data from around
the base station. Intuitively, since the whole network traffic converges to the base station, it
serves as the ideal point for starting the attack. Admittedly, the attacker can make an initial
estimation of the direction of data source and move in that direction. Meantime, he can keep
updating his estimation with more traffic observed as he moves, until he finds the data source.
However, in this paper we aim to discourage the attacker even from making a good initial
estimation before he starts moving.
Traffic flow in phantom routing
7.1. α-Angle Anonymity[10]
In order to anonymize source location privacy under semi-global eavesdropping attack, we
introduce α-angle anonymity model. This model ensures the preservation of source location
privacy by enlarging the inference space from which the attacker estimates the real direction of
the data source. The inference space is determined by the system variable α. The value of α can
be open to the public, even including the attacker, however, this should not threaten the privacy

14
of source location. According to the definition, we can see that the larger the value α, the larger
the inference area. The shaded area in Fig. 2 represents the attacker’s inference space. Given a
larger inference space, the attacker cannot deterministically estimate the real direction or location
of data source, thereby the source location privacy being preserved.
A protocol is α-angle anonymous if the real direction of data source is equally likely distributed
in the angle range [β − α, β + α], where β is the angle of the direction inferred by the attacker
based on his observation.
8. Mules-Saving-Source Protocol(MSS) [10]
To protect the source location privacy against a semi-global eavesdropper, we design a protocol,
called Mules-Saving-Source protocol, achieving α-angle anonymity.
Our protocol exploits the random mobility of data mules to establish a data transmission pattern
which effectively preserve the location privacy of data source. Specifically, we modify the
traditional function of data mules by having them hand data to regular sensors at only specific
locations in the network, from where data will be further routed towards base station along the
shortest paths[10]. The specific sensors will be selected so as to bias the direction of composite
traffic to be derived by the attacker based on data transmission he observes around base station.
In fact, solely allowing data mules to directly deliver data to base station can thoroughly preserve
source location privacy against a semi-global eavesdropper. This is because the data transmission
between data source and base station is completely hidden by the random movement of the data
mules which ferry data. However, its disadvantage is the non-trivial delay caused by data mules,
which may not be tolerable especially in large-scale wireless sensor networks.
In this section, we first describe our protocol and then prove it to be α-angle anonymous. Note
that we predefine a coordinate system with the base station as the origin, which is assumed to be
known by data mules. Our protocol includes three phases:

15
I. picking a fake direction at source,
II. carrying and unloading data by data mules, and
III. routing data to the base station
Phase I. Picking a fake direction at source - When a target is detected by the sensors, they
coordinate among themselves and let the one closest to the target become the data source. The
coordination protocol has been well studied in literature [13] and its discussion is out of the scope
of this paper. The data source periodically generates and sends data reports towards base station.
Additionally, it generates a value of β as the fake direction of data source to be used for biasing
the attacker’s observation in the traffic flows coming towards base station. Specifically, the data
source selects β from the range [θ − α, θ + α] uniformly at random, where θ is the absolute angle
between the direction of data source and the direction of x-axis in our coordinate system, and α is
a value preset to configure the privacy preservation level. The β angle is known only by the data
source[10] initially.
Phase II. Carrying and unloading data by data mules - When a data mule moves into a cell, only
the data source in its communication range responds with the buffered packets. Along with the
data, the data source also sends the value of β angle the data mule. After getting the data, the data
mule roams around the network until reaching certain location, called dropping point[10].
Dropping point is referred to as any point located on the dropping line drawn from base station at
an angle β in the coordinate system. Upon arriving in a cell intersecting with the dropping line,
the data mule unloads the data to the sensor closest to the dropping line present within the cell.
Phase III. Routing data at sensors - After data packets are offloaded to a sensor by the data
mule, they are routed towards base station along the shortest path. Ideally, the transmission path
is along the dropping line. However, due to the nonlinear multi-hop routing[10], data transmission

16
may have trivial deviation from the dropping line, which should not affect the privacy
preservation. One can see the traffic flow will go towards base station roughly along the
direction with a β angle, thereby successfully biasing the attacker’s inference of data source
direction.
9. Direct Delivery Protocol (DD)
Mule Saving Source protocol hand over the data to regular sensors at only specific locations in
the network, from where data will be further routed towards base station along the shortest paths.
But in Direct Delivery protocol the data is collected by the data mules and is directly delivered to
the basestation. In this protocol, the data delivery performance is not satisfactory and the delay of
delivery is usually very long than mule-saving-source protocol.
This protocol works in a simple and single module i.e picking up the data from the sensor nodes
and delivering it directly to the basestation or the sink. The main advantage of the protocol is DD
protocol guarantees the complete preservation[10] of the location privacy of data source, however
the disadvantage is the high delay[10], as compared to MSS protocol.
According to the attack models[10] we have discussed in this paper, the traffic in the network can
be used to detect the source node, however with direct delivery protocol the data is carried by the
data mules and their path are random, and they collect data from the source and deliver it to the
sink when in range. This protocol guarantees complete security because traffic analysis[10]
cannot be performed over the network when data mules carry the data from the source to the
sink.
In direct delivery protocol, the performance of the protocol can be improved with the
improvement in mobility pattern algorithm used for each data mule.
The path vector can be altered or improved by considering the following factors:
(1) Path selection: which trajectory the data mule follows

17
(2) Speed control: how the data mule changes the speed while moving along the path
(3) Job scheduling: from which sensor the data mule collects data at each time point
Path selection is to determine the trajectory of the data mule in the sensor field. To collect data
from each particular sensor, the data mule needs to go in the sensor’s communication range at
least once.
Speed control is to determine how the data mule changes its speed along the chosen path. The
data mule needs to change the speed so that it stays within each sensor’s communication range
long enough to collect all the data from it.
Job scheduling is done once the time-speed profile is determined, we get a mapping from each
location to a time point. Thus we get a scheduling problem by regarding data collection from
each sensor as a job. Each job has one or more intervals in which it can be executed. Job
scheduling is to determine the allocation of time to jobs so that all jobs can be completed.
However, there is a tradeoff between source privacy and time delay for data transmission from
source to the basestation or the sink. When privacy of source location is the primary objective we
need to deploy direct delivery protocol considering no constraint on time delay of data delivery,
in other cases, mule-saving-source (MSS) protocol delivers data with better efficiency than the
direct delivery protocol.

18
10. Proposed Model : Modified-Direct-Delivery (MDD) Protocol
The proposed solution for the source location privacy has the following elements, properties and
terminologies:
I. Sensor Field: Sensor field is a square block with dimension of 400m x 400m.
This area is the working field of sensors and the mules in the simulation.
II. Sensors: Sensors are homogeneous with the same lifetime and capabilities of storage,
processing as well as communication. They are deployed uniformly at random in the
cells, and assumed to guarantee the connectivity of the network.
III. Zones: Sensor field is divided into zones, each zone contain different number of
sensors and data mules. These zones play a major role in fast delivery of data in the
proposed protocol.
IV. Data Mules: Data mules are the mobile agents which can be artificially introduced in
the network. In this protocol, they move independently and do communicate with
each other by establishing an ad-hoc network when two mules are in transmission
range. They communicate to deliver data. They are assumed to know their own
locations when they are moving all the time. Their mobility pattern can be modeled as
a random walk on the grid. They may be equipped with GPS facility so that they can
calculate the relative location over the sensor field.
V. Base Station: Base Station or the sink is the central repository of the data transmitted
by source in the sensor field. The data collected by the data mules is delivered to base
station, which is then organized and analyzed for fruitful results.
VI. Active Sensors or Source Sensors: In a simulating environment, every sensor in the
field need not transmit data; sensors are chosen randomly that have data and they

19
needed to transmit it to the data mules. Such sensors are active sensors. They are
ready to transmit and can sense the presence of data mule.
VII. Ad-hoc Networks: These networks are established when two data mules either from
same zone or different are in transmission range. This network is used to transmit the
collected data from one zone to other and subsequently to the zone with basestation.
10.1. Working of MDD Protocol
To ensure source location privacy and ensure it with better performance i.e. with minimum time
delay we have designed the protocol assuming all sensor nodes deployed have same energy and
the load over the data mule is balanced. In this protocol we have used a major part of direct-
delivery (DD) protocol, the data from the source node is delivered directly to the basestation but
the technique and process of delivery of data is improved by introducing zones and ad-hoc
network in between the data mules. The inter mule communication improves the time delay in
data delivery while the direct delivery of data from source to the sink is guaranteed.
The working of MDD protocol starts with an active node or source node that have some data that
it sensed based on the type of sensor; it may be temperature sensing, motion sensing, heat
sensing or any other sense property.
In this protocol we have three types of static sensors based on their state:
I. OFF Sensors: These are the sensors that are in a state in which their radio are in
OFF_STATE; they cannot sense process or transmit data in this state.
II. SLEEP Sensors: Sensors have a lot of energy consumption while they are sensing,
processing or transmitting. To reduce the frequent use of energy, when no event is

20
scheduled; the sensors fall into sleep state for some time and wake up immediately
when event get scheduled. This saves energy.
III. ACTIVE Sensors: Sensors that are ready to sense or have sensed and need to
transmit data to the mules are in ACTIVE state. These sensor nodes are considered as
source nodes and their location is need to preserved.
However the sensors are deployed in a field that is further divided into zones. The data mules
present in zone can collect data from the same zone only. The data mule collects data from active
sensors and the data is retransmitted to the other data mule through ad-hoc networks established
when these agents are in transmission range of each other.
The data transmission between the mules carry data from one zone to other as data transmission
takes place with the mule from other zone closer to the base station. This process has a major
impact over the reduction in time delay of data transmission. This time delay can be further
reduced by introducing path vector algorithms that improve efficiency of data transmission by
altering the parameter and properties of the data mule.
The efficiency is improved by following factors:
(1) Path selection[12]: which trajectory the data mule follows
(2) Speed control[12]: how the data mule changes the speed while moving along the path
(3) Job scheduling[12]: from which sensor the data mule collects data at each time point
Path selection is to determine the trajectory of the data mule in the sensor field. To collect data
from each particular sensor, the data mule needs to go in the sensor’s communication range at
least once.

21
Speed control is to determine how the data mule changes its speed along the chosen path. The
data mule needs to change the speed so that it stays within each sensor’s communication range
long enough to collect all the data from it.
Job scheduling is done once the time-speed profile is determined, we get a mapping from each
location to a time point. Thus we get a scheduling problem by regarding data collection from
each sensor as a job. Each job has one or more intervals in which it can be executed. Job
scheduling[12] is to determine the allocation of time to jobs so that all jobs can be completed.
The intercommunication between data mules is continued till the data is received by the mule in
zone containing the sink or basestation. The mule in this zone carries the data to the base station
which is then delivered and used for analysis purpose.

22
11. Experiments and Results
Modified-Direct-Delivery protocol is simulated and the results are obtained for analysis and
comparison purpose. The simulator used for the experiment purpose is OMNeT++. OMNeT++ is
a very efficient and powerful wireless sensor network simulator. OMNeT++ is an object-oriented
modular discrete event network simulation framework. It has a generic architecture, so it can be
(and has been) used in various problem domains:
 Modeling of wired and wireless communication networks
 protocol modeling
 modeling of queuing networks
 modeling of multiprocessors and other distributed hardware systems
 validating of hardware architectures
 evaluating performance aspects of complex software systems
 in general, modeling and simulation of any system where the discrete event approach
is suitable, and can be conveniently mapped into entities communicating by exchanging
messages.
OMNeT++[13] itself is not a simulator of anything concrete, but rather provides infrastructure
and tools for writing simulations. One of the fundamental ingredients of this infrastructure is
component architecture for simulation models. Models are assembled from reusable components
termed modules.
Modules can be connected with each other via gates (other systems would call them ports),
and combined to form compound modules. The depth of module nesting is not limited. Modules
communicate through message passing, where messages may carry arbitrary data structures.
Modules can pass messages along predefined paths via gates and connections, or directly to their
destination.
OMNeT++ [13]also supports parallel distributed simulation. OMNeT++ can use several
mechanisms for communication between partitions of a parallel distributed simulation, for
example MPI or named pipes. The parallel simulation algorithm can easily be extended, or new
ones can be plugged in. Models do not need any special instrumentation to be run in parallel – it

23
is just a matter of configuration. OMNeT++ can even be used for classroom presentation of
parallel simulation algorithms, because simulations can be run in parallel even under the GUI
that provides detailed feedback on what is going on.
The OMNeT++ simulation IDE[13] is based on the Eclipse platform and extends it with new
editors, views, wizards, and other functionality. OMNeT++ adds functionality for creating and
configuring models (NED[13] and INI[13] files), performing batch executions and analyzing the
simulation results, while Eclipse provides C++ editing, SVN/GIT[13] integration and other
optional features (UML modeling, bug-tracker integration, database access, etc.) via various
open-source and commercial plug-in. The environment will be instantly recognizable to those at
home with the Eclipse platform.
11.1. Proposed Simulation Model
The proposed simulation model for analyzing the proposed modified-direct-delivery protocol we
have designed an event based simulation. We are especially interested in large-scale sensor
networks where there is a reasonably large separation between the source and the sink. The main
area of interest is the time delay in the delivery of the data from the source to the sink. From the
results obtained in the simulation i.e. the time between the creation of a message from a source to
the time of delivery to the sink is calculated.
In this model, the sensor field is divided into four different zones identified by four different
colors. The number of data mules deployed in each zone is based on the total number of sensor
nodes deployed in a zone i.e.
Number of Data Mules in a zone α Number of Sensor Nodes
Every sensor node has different states; to describe state of every sensor in the simulation
different colors are used.
I. Off State : Grey
II. Sleep State : Black
III. Active State : Red

24
Sleep time and Idle time are defined accordingly where Sleep time is the maximum time limit
when the sensor can go offline and the Idle time is the time limit taken by the sensor before
entering into the sleep time. To record the events generated through the simulation process
“record-eventlog = true[13]” is set.
Messages are created in forms of packets. Packet created by each sensor is forwarded
accordingly to mules which this then forwarded to other mules and finally to the basestation.
TransferMsg is the packet that contain numRecData that contain the timestamp of creation of the
packet by each sensor and then it is recorded throughout the mobility.
Following are the specification used in the simulation model for MDD protocol:
I. Sensor field dimension: 400m x 400m.
II. Number of Sensors used: Variable (50-300).
III. Number of Data Mules used: 8
IV. Range of each Data Mule: 50m
V. Simulation Time Limit: 200 sec
VI. CPU Time Limit: 1000 sec
VII. Sleep Time of Sensor Nodes: 120sec
VIII. Idle Time of Sensor Nodes :30sec

25
A Sensor Field with Data Mules, Sensors, Zones, Basestation
Creation of ad-hoc connection and transmission of data from one zone to other

26
Result obtained in the event log is displayed as in the figure below. Every sensor node transmit
some data in form of packets which is finally received by the basestation
Average Packet Transfer Delay is the average of source delay and carrier delay.
Source delay is the time between the creation of the packet and the time at which the packet is
delivered to the data mule in range. Carrier delay is the time between the time of packet received
by the mule and the time at which packet is received at the base station.
Average Packet Delay = Source Delay + Carrier Delay
Event log on completion of method - finish()

27
11.2. Results:
Number of Sensors in the simulation = 50 Number of Active Sensors = 29
Sensor ID [50] Time delay
9 0.371403
12 0.69743
14 52.3333
16 53.1111
20 0.314237
21 0.601479
25 0.297465
26 31
27 0.576412
28 0.866664
30 31
31 26.7775
33 12.981344
35 0.898583
38 0.650935
41 0.324784
Sum 212.802636
Average 13.30016475
Active Sensors 29
Number of Sensors in the Simulation = 100 Number of Active Sensors = 59
Sensor ID[100] Time Delay
11 0.44108
12 0.190687
14 13.3705
15 12.8797
20 0.206121
21 0.915134
22 0.604211
23 0.5144
0 10 20 30 40 50 60
9
14
20
25
27
30
33
38
Average
Time delay
Time delay

28
24
0.0952684
25 13.6327
26 14.7245
29 0.724588
30 0.747607
31 0.480331
32 18.45653
33 0.448478
34 33.7823
35 0.0483317
36 0.892575
43 0.759089
43 37.0345
43 18.9901
44 21.9895
45 0.248859
46 0.972774
52 0.13836
53 35.6679
54 0.0662034
55 0.442271
56 51.9416
61 0.978298
63 0.513878
64 54.4541
65 36.7167
74 0.308547
75 0.20511
76 2.1762
84 0.303599
85 0.310919
86 0.59431
95 0.254127
96 0.479442
Sum 378.7014285
Average 9.016700679
Active Sensors 59
0 20 40 60 80
11
14
20
22
24
26
30
32
34
36
43
44
46
53
55
61
64
74
76
85
95
Average
Time Delay
Time Delay

29
Sensor ID [150] Time Delay
14 0.81875
20 0.423232
21 0.746915
22 0.144944
23 26.8929
24 0.710244
25 0.334637
31 0.459475
32 0.584495
33 10.4623
34 24.8694
35 13.65949
36 12.86319
41 0.44637
42 0.930044
43 14.4535
44 0.472867
45 6.59396
46 0.556379
52 12.1956
53 0.660337
54 0.972362
55 0.278245
56 0.430616
61 0.493681
62 1.55513
63 46.6049
64 0.597943
65 0.552439
66 0.984333
71 62
72 0.522178
73 0.993358
74 83.7282
75 0.576774
76 0.174956
80 0.723687
82 0.239248
0 50 100
14
21
23
25
32
34
36
42
44
46
53
55
61
63
65
71
73
75
80
83
93
114
116
125
135
Avg Time Delay
Time Delay
Time Delay

30
83 0.264427
84 18.951
93 5.46409
105 43.5938
114 0.896177
115 0.534452
116 9.344324
121 3.132454
125 4.422342
126 0.00641925
135 0.345644
136 5.4232342
Avg. Time Delay 8.461708849
Active Sensors 92
16 0.736903
17 0.196749
18 24.6814
19 0.42355
20 0.345234
22 0.45345324
27 0.2345223
28 0.457654
29 20.8814
30 52.4855
31 0.891192
32 0.610015
33 4.22606
34 3.435463
35 1.43534
39 0.546675
40 0.96785
41 0.756757
42 0.724689
43 20.8976
44 47.0378
45 2.2346712

31
46 53.8947
47 2.51829
49 0.58753
53 0.9422347
54 0.72842
55 1.823585
56 4.9185
57 0.132662
58 51.7726
59 8.19248
60 0.346248
61 0.974222
62 65.5214
65 0.927264
66 0.729562
68 0.8462841
69 0.200878
70 0.411577
71 53.4185
72 0.331979
73 0.522826
74 0.223097
75 40.0565
79 25.54924
80 0.4095
82 2.5984
84 0.769848
85 0.740943
86 0.571967
87 0.613141
88 60.8519
89 0.258981
90 0.21825
94 0.83465
97 0.883426
98 0.438728
99 0.694709
100 6.98392
101 0.76734
103 12.9582
104 6.23746
109 8.34872
110 2.87438
0 50 100 150
16
18
20
27
29
31
33
35
40
42
44
46
49
54
56
58
60
62
66
69
71
73
75
80
84
86
88
90
97
99
101
104
110
115
117
128
130
137
141
143
153
174
Avg Time Delay
Time Delay
Time Delay

32
114 0.131903
115 9.2938
116 0.101484
117 23.0955
125 0.235982
128 0.45735
129 0.925274
130 0.247636
133 0.83748234
137 3.4759231
140 0.892347
141 0.3487238
142 0.8748123
143 0.7734872
144 0.873453
153 3.4298351
155 0.95892341
174 31
186 0.353487
Sum 686.5929228
Avg Time Delay 8.173725271
Active Sensors 140
6 0.854366
7 1.88643
11 0.844316
14 0.736903
15 0.543435
16 32.67454
17 0.42355
20 0.345234
21 0.733287
23 0.228765
24 0.643254
25 2.658814
27 5.764543
31 0.891192
32 1.6663243

33
33 24.22606
34 33.435463
35 1.43534
38 0.546675
39 0.96785
40 0.756757
41 0.567753
42 19.433786
44 45.96336
45 2.2346712
46 50.59347
47 2.51829
49 0.58753
53 0.763443
54 0.72842
55 1.0966543
56 4.877655
57 19.68678
58 23.9756477
59 8.19248
60 0.346248
61 0.974222
62 36.85521
65 0.927264
66 0.729562
67 0.8462841
68 0.200878
70 0.411577
71 53.4185
73 0.331979
74 0.522826
76 0.88601
77 16.833878
78 22.54924
79 0.7331
80 27.8333687
83 2.00135
84 0.740943
86 0.571967
87 0.613141
88 60.8519
89 0.258981
90 0.21825
0 20 40 60 80
6
14
17
23
27
33
38
41
45
49
55
58
61
66
70
74
78
83
87
90
93
101
109
115
120
123
130
136
139
145
150
160
167
171
174
199
219
234
249
254
269
298
Time Delay
Time Delay

34
91 0.83465
92 0.883426
93 0.438728
94 0.694709
99 6.8647
101 0.46431022
103 13.88542
104 16.2446
109 8.34872
110 2.87438
114 0.131903
115 29.2938
116 0.101484
117 23.0955
120 0.235982
121 0.45735
122 0.925274
123 0.247636
125 0.83748234
127 45
130 0.892347
131 0.3487238
135 0.8748123
136 0.7734872
137 0.873453
138 3.4298351
139 0.95892341
140 31
142 0.353487
145 7.59292279
146 16.62571583
148 12.883643
150 0.87346
155 0.6153332
157 0.773624
160 18.66496
161 22.009465
166 12.83465
167 0.48573
168 0.874754
170 20.736543
171 0.28929847
172 1.3765321

35
173 31
174 12.67527643
180 0.389463
192 0.98901
199 0.0347238
200 0.0874823
213 1.985793
219 1.84793
220 29.985794
229 2.9849
234 19.8465982
247 34.9934652
248 0.87642
249 0.7652734
250 0.99764852
252 0.50047332
254 0.87346549
260 0.46287475
261 0.92464875
269 8.7648583
270 0.747457683
278 0.48935752
298 1.3487572
Sum 984.7131429
Avg Time Delay 7.941235024
Active Sensors 188

36
11.3. Average time delay of Modified-Direct-Delivery Protocol:
No of Sensors Average Time Delay
50 13.30016475
100 9.0167003
150 8.4617088
200 8.173725
300 7.941235024
Average Time Delay of Modified-Direct-Delivery Protocol: 9.378706775
12. Comparison with Direct Delivery Protocol
Direct Delivery Protocol delivers packets directly to the basestation, so in this type of delivery
data mule have to carry data for a long time all through the path way till basestation is in range of
the mule containing the data. In this protocol, the probability of collision or carrying data from
same sensor node is more thus reducing the efficiency.
Certain improvements in this protocol with a better path selection and speed control with inter
mule communication brings out a lot of improvements in the average time delay of the protocol.
When two mules are interconnected they transmit the data as well in case of duplicate values of
packet id, collision is avoided. This reduces the probability of collision and thus improving the
efficiency of the protocol. Also, mule need not travel all through the path to the basestation for
transmission. Zones in the sensor field is a major improvement in the protocol and using zones
0 100 200 300 400
1
2
3
4
5
Average Time
Delay
No of Sensors

37
maximum number of sensor nodes can be covered in much smaller time thus reducing the source
delay.
MDD Protocol have following improvements over Direct Delivery Protocol:
I. Introduction of zones: Mules can cover maximum number of nodes in small amount
of time; reducing source delay
II. Inter mule communication: Mules in MDD protocol create ad-hoc networks when
in range, this assures faster delivery of data in small time; reducing carrier delay.
12.1. Result analysis of DD and MDD Protocol
With the result analysis above, we can conclude that for every simulation with varying number
of sensor nodes MDD protocol gives a better and efficient result in delivery of data with reduced
time delay in every case scenario.
23.923628
16.893394
14.008463
13.944558
10.788331
15.9116748
13.30016475
9.0167003
8.4617088
8.173725
7.941235024
9.378706775
50
100
150
200
300
Avg. Time Delay of DD
Comparision of DD and MDD Protocol
ATD (MDD-Protocol) ATD (DD-Protocol)

38
12.2. Advantages of MDD protocol
1. Low source delay and carrier delay in delivery of data.
2. Guarantees full security of source location.
3. Reduces probability of collision of data at basestation.
4. In case of collision, the redundancy is removed at real time, hence reduces load on
modules
5. Independent of transmission trough sensors, so eavesdrop attack model is inefficient.
Network traffic analysis is inefficient attack model.
6. Energy efficient protocol, sensor need not transmit to a long distance(1kb for every 331
feet).
7. Localization efficient, mules are equipped with GPS facility reducing localization issues.
12.3. Limitations of MDD protocol
1. Efficiency is dependent on mobility pattern of data mule. Path Selection and speed
control algorithms improves efficiency.
2. Mules need high data storage and processing power for data storage and collision control.
3. Dependent on network configuration, sensor deployment, zones and mobility pattern of
mules.
4. No intelligent selection of mobility pattern in data mules.
5. Mules assisted with GPS and other infrastructure increases cost.

39
13. References
01 N. Li, M. Raj, D. Liu, M. Wright, and S. K. Das, “Using data mules to preserve source location privacy in
wireless sensor networks,” at 13th International Conference on Distributed Computing and Networking
(ICDCN ’12), vol. 7129 of Lecture Notes in Computer Science, p. 309, 324, Hong Kong, China, 2012.
02 Y. Fan, Y. Jiang, H. Zhu, and X. Shen, “An efficient privacy-preserving scheme against traffic analysis
attacks in network coding,” in Proceedings of the 28th Conference on Computer Communications (IEEE
INFOCOM '09), pp. 2213–2221, April 2009. View at Publisher · View at Google Scholar ·
03 R. Lu, X. Lin, H. Zhu, and X. Shen, “TESP2: timed efficient source privacy preservation scheme for
wireless sensor networks,” in Proceedings of the IEEE International Conference on Communications
(ICC '10), May 2010. View at Publisher · View at Google Scholar · View at Scopus
04 K. Mehta, D. Liu, and M. Wright, “Protecting location privacy in sensor networks against a global
eavesdropper,” IEEE Transactions on Mobile Computing, vol. 11, no. 2, pp. 320–336, 2012. View at
Publisher · View at Google Scholar · View at Scopus
05 B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, “Statistical framework for source anonymity in
sensor networks,” in Proceedings of the 53rd IEEE Global Communications Conference (GLOBECOM
'10), December 2010. View at Publisher · View at Google Scholar · View at Scopus
06 K. Bicakci, H. Gultekin, B. Tavli, and I. E. Bagci, “Maximizing lifetime of event-unobservable wireless
sensor networks,” Computer Standards and Interfaces, vol. 33, no. 4, pp. 401–410, 2011. View at
Publisher · View at Google Scholar · View at Scopus
07 X. Hong, P. Wang, J. Kong, Q. Zheng, and J. Liu, “Effective probabilistic approach protecting sensor
traffics,” in Proceedings of the Military Communications Conference (MILCOM '05), vol. 1, pp. 169–
175, October 2005. View at Publisher · View at Google Scholar · View at Scopus
08 Z. Zhou and K. C. Yow, “Anonymizing geographic Ad Hoc routing for preserving location
privacy,”International Journal of Network Security, vol. 2, no. 3, pp. 210–218, 2006.

40
09 Li, Y., Ren, J.: Source-location privacy through dynamic routing in wireless sensor networks. In:
Proceedings of INFOCOM (2010)
10 Ozturk, C., Zhang, Y., Trappe, W.: Source-location privacy in energy constrained sensor network routing.
In: Proceedings. 2nd ACM workshop on Security of ad hoc and sensor networks, SASN (2004).
11 Mayank Raja, Na Lia, Donggang Liub, Matthew Wrightb, Sajal K. Das : Using Data Mules to Preserve
Source Location Privacy in Wireless Sensor Networks (CReWMaN),The Information Security Lab (iSec)
12 Ryo Sugihara and Rajesh K. Gupta. University of California, San Diego: Path Planning of Data Mules in
Sensor Networks. In: ACM Journal Name, Vol. V, No. N, Month 20YY.
13 Manual- OMNeT++

Source location privacy in wireless sensor networks using data mules.

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Source location privacy in wireless sensor networks using data mules. (20)

Recently uploaded (20)

Source location privacy in wireless sensor networks using data mules.