n order to present the adversary from back-tracing, the route, location and data privacy mechanism must be enforced. With the spreading application of Wireless Sensor Networks (WSNs) in various sensitive areas such as health-care, military, habitat monitoring, etc. Network level privacy often been categorized into 4 categories: 1) Sender node identity privacy: no intermediate node can get any information about who is sending the packets except the source, its immediate neighbors and the destination. 2) Sender node location privacy: no intermediate node can have any information about the location (in terms of physical distance or number of hops) about the sender node except the source, its immediate neighbors and the destination. 3) Route privacy: no node can predict the information about the complete path (from source to destination). Also, a mobile adversary gets no clue to trace back the source node either from the contents and/or directional information of the captured packet(s). 4) Data packet privacy: no node can see the information inside in a payload of the data packet except the source and the destination. An energy-efficient privacy solution is needed to address these patterns in Wireless Sensor Network. Advanced features in cryptographic system were introduced in this paper are: ? A new Identity, Route and Location (IRL) privacy algorithm is proposed that ensures the source, identity and location. This algorithm allows the packets to destination only through trusted intermediate nodes. ? The extension of our proposed IRL algorithm is a new reliable Identity, Route and Location (r-IRL) privacy algorithm. This algorithm has the ability to forward packets from multiple secure paths to increase the packet reach-ability. ? A data privacy mechanism is used to unique in the sense that it provides secure data and packet authentication. # Network and Assumptions Model A wireless sensor network (WSN) is composed of large number of small sensor nodes that are of limited resource and densely deployed in an environment. This sensor node uses IEEE 802.11 standard link layer protocol, which keeps packets in its cache until the sender receives an acknowledgment (ACK). The sender node will retransmit the packet, if the ACK does not receive within threshold. # F ebruary a) Concepts And Definitions The proposed algorithms use two notions: Direction and Trust. These notions are used to provide reliable secure paths for achieving robust route privacy. Direction helps to forward packet to the destination in a timely manner and trust will help to forward the packets via reliable nodes. Direction : The first notion used in our algorithms is that of direction. The physical location of the base station is the reference point for each sensor node. Based on this reference point, each node classifies its neighboring nodes into four categories: (1) forward neighboring nodes (F), (2) right side backward neighboring nodes (Br), (3) left side backward neighboring nodes (B l ), and (4) middle backward neighboring nodes (B m ). The objective of this categorization is to provide more path diversity as discussed in Section 4.2. A node x classifies its neighboring node y in following fashion: where ? is the angle between the node x and its neighboring node y with respect to the line joining node x and the base station as shown in Figure 2. The second notion used in our algorithms is that of trust. The definition of a trust here is based on our other paper and restated here. A node can be classified into one of the three categories: trustworthy, untrustworthy, and uncertain. A node is considered trustworthy if it interacts successfully most of the time with the other nodes. A node is considered untrustworthy if it tries to do as many unsuccessful interactions as possible with the other nodes. An untrustworthy node could be a faulty or malicious node. A node is considered uncertain if it performs both successful and unsuccessful interactions. Detailed definition if the successful and unsuccessful interactions and trust calculation methodology is available in our paper and provided here in a simplified form. A sender will consider an interaction successful if the sender receives confirmation that the packet is successfully received by the neighbor node and forwarded towards the destination in an unaltered fashion. The first requirement of successful reception is achieved on the reception of the link layer acknowledgment (ACK). The second requirement of forwarding towards the destination is achieved with the help of enhanced passive acknowledgment (PACK) by overhearing the transmission of a next hop on the route, since they are within the radio range. If the sender node does not overhear the retransmission of the packet within a threshold time from its neighboring node or if the overheard packet is found to be illegally fabricated (by comparing the payload that is attached to the packet), then the sender node will consider that interaction as unsuccessful. With this simple approach, several attacks can be prevented, i.e., the black hole attack is straightforwardly detected when malicious node drops the incoming packets and keeps sending self-generated packets .Similarly, sink hole attack, an advanced version of the black hole attack, is also easily detectable by looking at the passive acknowledgment. Likewise, the selective forwarding attack and gray-hole attack [27] can also be eliminated with the aid of above mentioned approach. Based on these successful and unsuccessful interactions node x can calculate the trust value of node y in following fashion: where [.] is the nearest integer function, S x,y is the total number of successful interactions of node x with y during time ?t, and U x,y is the total number of unsuccessful interactions of node x with y during time ?t. After calculating trust value, a node will quantize trust into three states as follows: where, f represents half of the average values of all trustworthy nodes and g represents one-third of he average values of all untrustworthy nodes. Both f and g are calculated as follows: The steady-state operation, these values can change with every passing unit of time which creates dynamic trust boundaries. After each passage of time, ?t, nodes will recalculate the values of f and g. This trust calculation procedure will continue in this fashion. The time window length (?t) could be made shorter or longer based on the network analysis scenarios. If ?t is too short, then the calculated trust value may not reflect the reliable behavior. On the other hand, if it is too long, then it will consume too much memory to store the interaction record at the sensor node. Therefore, various parameters can be used to adjust the length of ?t. Whenever a node needs to forward a packet, the routing phase for source node and for intermediate node) of IRL algorithm is called. Whenever a source node wants to forwards the packet, it will first check the availability of the trusted neighboring nodes in its forward direction setM(tF ). If trusted nodes exists then it will randomly select one node as a next hop from the setM(tF ) and forward the packet towards it .If there is no trusted node in its forward direction, then the source node will check the availability of a trusted node in the right (M(tBr )) and left (M(tBl)) backward sets. If the trusted nodes are available then the source node will randomly select one node as a next hop from these sets and forward the packet towards it.If the trusted node does not exist in these sets either, then the source node will randomly select one trusted node from the backward middle set (M(tBm)) and forward the packet towards it.If there are no trusted nodes available in all of the sets then the packet will be dropped . When an intermediate node receives the packet (either from the source node or from another en-route node), it will first check whether the packet is new or old.If it is new, then the node will first check the availability of the trusted node from the forward direction set (MF ) excluding the prevhop node if it belongs to forward set.If trusted nodes exists in the forward set then the node will randomly select any one trusted node as a next hop and forward the packet towards it. If there is no trusted node available in the forward direction, then it will check to which set the sender of the packet belongs to. For example, If the packet, forwarded by a node, belongs to the right backward set, then it will first check whether the left or middle backward sets contain any trusted nodes. If so, it will randomly select one node from those sets and forward the packet towards it. If there is no trusted node in those two sets, then the node will randomly select a trusted node from the right backward set (M(tBr )) excluding the one from which the node received the current packet and forward the packet towards it.Similar operations will be performed, if the packet, forwarded by a node, belongs to the left and middle backward or forward sets. An example IRL routing scenario is shown in Figure 3. This routing strategy may result in the creation of a cycle (loop). However, due to the randomness in the selection of the next-hop and the presence of the different four direction sets, the probability of creation of any cycle is very low. Nevertheless, in order to fully avoid the occurrence of the cycles, each node (prior to forwarding of a packet) will save the signature of the packet in the buffer for the ?t time,that is: where D is the distance between the forwarding node and the base station, d is the distance between the forwarding node and the next hop, and pt is the propagation transfer time between the forwarding node and the next hop. This signature consists of two fields: (1) sequence number of the packet, and (2) the payload. The potential of the signature to compare and identify the same packet is detailed in the later section. Corresponding to this signature, three more fields are also stored in the buffer: 1) previous hop identity, 2) next hop identity where the packet is forwarded, and 3) counter, that tells how many times the same packet is received by the node. This information will later be used to get rid of any cycle. The size of the buffer is mainly dependent on the network traffic conditions. However, it is expected to be low due because the sensor nodes sent data either in periodic intervals or upon the occurrence of some event. If the node received the packet whose signature exists in the buffer, then including the previous hop node , two other nodes will also be excluded from the selection of the next hop process: 1) the node from which last time the packet was received the node from which last time the packet was forwarded. If the same packet is received three times by the same node then the packet will be dropped. Three sample scenarios of the loop creation, detection and prevention are shown in Figure 4. Creation of loops and traversing of the packets in the backward direction is not a completely negative effect. Rather, it provides positive effects in terms of strengthening the route and source location privacy, because these effects will helps to increase the safety period, which is the time for an adversary to reach at the source node. Identity Privacy: Whenever a node receives the packet p from the source node or en-route node then the receiving node will replace the previous hop's identity prevhop contained in the packet with its own.After that, the node will get the next forwarding node nexthop and update the header of the packet p = {prevhop, nexthop, payload}. After modification of the two header fields, the node will forward the packet.In this way, all the intermediate forwarding nodes replace the source and next hop's identity contained in the packet p. This process will go on until the packet reaches the base station. Location Privacy: The neighboring nodes which are in each other's radio range can easily approximate the location of each other by measuring the received signal strength and the angle of arrival.If the adversary is within the range of the source node, then adversary can easily estimate the location of the source. Once the packet has crossed the radio range of the original source node, then becomes very difficult for an attacker to estimate the location of the node either in terms of the physical distance or in terms of the number of hops of an original source node. The main reason for this is that the path selection is random and packets are forwarded by only trusted nodes which only contain the information of the last and the next hop. # c) Reliable Identity, Route, And Location Privacy (R-IRL) It is also possible that some applications require more reliability in terms of packet reach-ability; and the packet could be dropped due to either network congestion or malicious behavior of an en-route node. Thus, in order to achieve more reliability, the packet should be forwarded from multiple paths simultaneously, which will give trustworthiness in the sense that at least the packet should reach the base station by any one of the paths, although, this may increase some communication overhead. Our reliable IRL (r-IRL) algorithm is the extended version of our proposed IRL algorithm, in which we introduce one more parameter, reliability r. The source node i will multicast a packet to all r randomly selected neighboring trusted nodes that are in the forward direction. If there are no adequate trusted nodes present in the forward direction, then it will select the remaining trusted nodes from the backward direction. The rest of the mechanism of the r-IRL algorithm is the same as the IRL algorithm. # d) Data Privacy The payload contains the identity of the source node (IDx) and the actual data (d). Identity is encrypted with the public key (k+bs) of the base station and data is encrypted with the secret key (kx,bs)shared between the sender node and the BS. Both are appended with the payload as shown below: payload = [E(IDx, k+ bs),E(d, kx,bs)] If we assume that the adversary knows the range of identities assigned to the sensor nodes, public key of the base station and information about cipher algorithm used in the network, an adversary can then successfully obtain the identity of the source by performing simple brute-force search attack by comparing the pattern of encrypted identity with a known range of identities. Therefore in order to provide protection against brute-force search attack, we append a random number (Rn) (equivalent to the size of identity) with the identity of a node and then perform encryption. Now the payload is: payload = [E(IDx||Rn, k+bs),E(d, kx,bs)] where || is the append operation. Inclusion of random number may introduce additional computational overhead. However, the amount of overhead is mainly dependent on random number generation technique. Recently, very nice random generation techniques have been specially designed for low power sensor networks, such as. These techniques could be used to generate random number for each packet. Also, overall computational overhead is dependent on the number of packets generated by the sensor nodes. Our proposed data privacy approach provides several benefits. Firstly, data secrecy is achieved in the presence of identity anonymity. This feature is not available in earlier proposed privacy schemes. Secondly, the base station will receive both the identity of the actual source node and message authentication. If the packet has been successfully decrypted with the shared secret key, it means that packet is received from genuine sensor node. # Global Journal of Computer Science and Technology Volume XII Issue IV Version I # Table 4. Simulation parameters The proposed paper has implemented our IRL and r-IRL routing schemes on Sensor Network Simulator and Emulator (SENSE).At the application layer we used constant bit rate component (CBR) that generate constant traffic during simulation between randomly selected source node(s) and the base station. For the simplicity, assume that both sensor nodes and the base station are static. Network consists of 300 sensor nodes that are organized into 15 by 20 grid manner. Comparison of proposed IRL and r-IRL algorithms with the four variations of phantom routing schemes that are: 1. Phantom single path routing scheme with hopbased approach (PSR-hop). 2. Phantom single path routing scheme with sectorbased approach (PSR-sec). 3. Phantom flood routing scheme with hop-based approach (PFR-hop). 4. Phantom flood routing scheme with sector-based approach (PFR-sec). The energy consumption analysis with different scenarios are shown in Figure 6. For the r-IRL scheme we select r = 3, which means a single packet will reach the destination via three different routes simultaneously. For phantom routing schemes, we select parameter hwalk=10 (as recommended. Figure 6 clearly indicates that, the IRL and r-IRL schemes consume less energy as compared to the PSR-sec, PFR-hop and PFR-sec schemes but slightly consume higher energy as compared to the PSR-hop scheme. This is due to the fact that the IRL and r-IRL algorithms provides more path diversity and packets sometimes took longer paths. Our In order to analyze the path diversity behavior, assume 300 sensor nodes in a 10 by 30 grid manner. In the simulation, a single source node (ID: 224) generates 100 data packets for the base station. Figure shows the path diversity (in terms of path length) of the IRL, PSR-hop and PSR-sec schemes. The average path taken by the PSR-hop, IRL and PSR-sec is 22.12, 36.81 and 38.17, respectively. It indicates that the IRL scheme incurs more delay as compared with the PSR-hop scheme and less delay as compared with the PSR-sec scheme. This figure also indicates that the IRL scheme has more path variation as compared with the other schemes, which creates more difficulties for the adversary to trace back the source from the captured packets. Figure 7 also shows that some packets took longer paths in the IRL scheme as compared with others. This is due to the fact that the source or en-route node did not find any trusted node in its forward direction, so the packet is relayed back in the backward direction. Figure 8 shows the result of 100 simulation runs in each node has equal probability to be trusted and untrusted. It shows that, as the neighborhood size increases, the probability of the packet to move in the backward direction decreases sharply. Existing privacy schemes of WSNs only provides partial network level privacy. Providing full network level privacy is a critical and challenging issue due to the constraints imposed by the sensor nodes (e.g.,energy, memory and computation power), sensor network (e.g., mobility and topology) and QoS issues (e.g., packet reach ability and timeliness). Therefore, in this paper we proposed the first full network level privacy solution that is composed of two new identity, route and location privacy algorithms and data privacy mechanism. Our solutions provide additional trustworthiness and reliability at modest cost of energy and memory. Future work, will evaluate proposed schemes from the perspective of computation cost that is required to perform encryption and random number generation. 1![Figure 1. Typical WSN scenario.](image-2.png "Figure 1 .") 2![Figure 2. Neighbor node classification](image-3.png "Figure 2 .") ![where[.] is the nearest integer function, Rx represents the set of trustworthy nodes for node x, Mx the set of untrustworthy nodes for node x, and n is the total number of nodes that contains trustworthy, untrustworthy and uncertain nodes.The initial trust values of all nodes are 50.The values of f and g are adaptive. b) Identity, Route, and Location Privacy (IRL) The proposed identity, route and location privacy scheme works in two phases. The first is neighbor node state initialization phase, and the second is routing phase. Route Privacy : In initialization phase, let the node i have m neighboring nodes in which t nodes are trusted. So, 0 ? t ? m and M(t) = M(tF ) ? M(tBr ) ? M(tBl) ? M(tBm). Here M(tF ), M(tBr ),M(tBl), and M(tBm) represent the set of trusted nodes that are in the forward, right backward, left backward, and middle backward directions, respectively. These neighbor sets (M(tF ), M(tBr ), M(tBl),and M(tBm)) are initialized and updated whenever a change occur in neighborhood. For example, the entrance of a new node, change of a trust value, etc.](image-4.png "") 3![Figure 3. Sample routing scenario of IRL scheme.](image-5.png "Figure 3 .") 4![Figure 4. Three sample cycle detection and prevention scenarios.](image-6.png "Figure 4 .") ![Consumption AnalysisThis section, shows the efficiency of our routing strategies with existing schemes. Energy is computed based on the communication overhead (including transmission and reception cost, path length) introduced by our proposed routing protocols and compared it with other existing schemes.](image-7.png "") 6![Figure 6. Energy consumption analysis: simulation time: 5,000.](image-8.png "Figure 6 .") 107![Figure 7. Path diversity of privacy schemes.](image-9.png "10 Figure 7 .") 8![Figure 8. Probability of a packet to move in the backward direction.](image-10.png "Figure 8 .") ![1. Wood, A.D.; Fang, L.; Stankovic, J.A.; He, T. SIGF: A Family of Configurable, Secure Routing Protocols for Wireless Sensor Networks. In Proceedings of the 4th ACM Workshop on Security of Ad Hoc and Sensor Networks, Alexandria, VA, USA, 2006; pp. 35-48. 2. Kamat, P.; Zhang, Y.; Trappe, W.; Ozturk, C. Enhancing Source-Location Privacy in Sensor Network Routing. In Proceedings of the 25th IEEE International conference on Distributed Computing Systems, Columbus, OH, USA, 2005; pp. 599-608. 3. Misra, S.; Xue, G. Efficient Anonymity Schemes for Clustered Wireless Sensor Networks. Int. J. Sens. Netw. 2006. Global Journal of Computer Science and Technology Volume XII Issue IV Version I 38 2012](image-11.png "") © 2012 Global Journals Inc. (US) Global Journal of Computer Science and Technology Volume XII Issue IV Version I © 2012 Global Journals Inc. (US) © 2012 Global Journals Inc. (US) F ebruary ## This page is intentionally left blank * Source-Location Privacy in Energy-Constrained Sensor Network Routing COzturk YZhang WTrappe Proceedings of the 2nd ACM workshop on Security of Ad hoc and Sensor Networks the 2nd ACM workshop on Security of Ad hoc and Sensor NetworksWashington, DC, WA, USA 2004 * Preserving Source Location Privacy in Monitoring-Based Wireless Sensor Networks YXi LSchwiebert WShi Proceedings of Parallel and Distributed Processing Symposium (IPDPS2006) Parallel and Distributed Processing Symposium (IPDPS2006)Rhodes Island, Greece * SiFT: An Efficient Method for Trajectory Based Forwarding ACapone LPizziniaco IFilippini MGDe La Fuente Proceedings of International Symposium on Wireless Communication Systems International Symposium on Wireless Communication SystemsSiena, Italy * Geographic Random Forwarding (GeRaF) for Ad Hoc and Sensor Networks: Energy and Latency Perfor-mance MZorzi RRRao IEEE Tran. Mob. Comput 2003 * IGF: A State-Free Robust Comm-unication Protocol for Wireless Sensor Networks BBlum THe SSon JStankovic CS-2003-11 Technical Report * Improving Distance Based Geographic Location Techniques in Sensor Networks MBarbeau EKranakis DKrizanc PMorin Proceedings of 3rd International Conference on Ad Hoc Networks and Wireless 3rd International Conference on Ad Hoc Networks and WirelessVancouver, British Columbia 2004 * Method and System for Locating Sensor Node in Sensor Network Using Transmit Power Control JRyu SGKim HHChoi SSAn SYAhn BJKim 2009/0128298 A1 U.S * Improving Distance Based Geographic Location Techniques in Sensor Networks MBarbeau EKranakis D;Krizanc PMorin Proceedings of 3rd International Conference on Ad Hoc Networks and Wireless 3rd International Conference on Ad Hoc Networks and WirelessVancouver, British Columbia 2004 * Public Key Cryptography in Sensor Networks-Revisited GGaubatz J.-PKaps BSunar Lect. Note. Comput. Sci 3313 2006 * Unleashing Public-Key Cryptography inWireless Sensor Networks JLopez J. Comput. Security 2006 * Analysis of Location Privacy /Energy Efficiency Tradeoffs in Wireless Sensor Networks SArmenia GMorabito SPalazzo IFIP-Networking 2007