Matthew Leeke

On the Use of Fake Sources for Source Location Privacy

Wireless sensor networks have enabled novel applications such as monitoring, where security is invariably a requirement. One aspect of security, namely source location privacy, is becoming an increasingly important property of some wireless sensor network applications. The fake source technique has been proposed as an efficient technique to handle the source location privacy problem. However, there are several factors that limit the usefulness of current results: (i) the selection of fake sources is dependent on sophisticated nodes, (ii) fake sources are known a priori and (iii) the selection of fake sources is based on a prohibitively expensive pre-configuration phase. In this paper, we investigate the privacy enhancement and energy efficiency of different implementations of the fake source technique that circumvents these limitations. Our results show that the fake source technique is indeed effective in enhancing privacy. Specifically, one implementation achieves near-perfect privacy when there is at least one fake source in the network, at the expense of increased energy consumption. In the presence of multiple attackers, the same implementation yields only a 30% decrease in capture ratio with respect to flooding. To address this problem, we propose a hybrid technique which achieves a corresponding 50% reduction in the capture ratio and a near-perfect privacy whenever at least one fake source exists in the network.

Fake source-based source location privacy in wireless sensor networks

The development of novel wireless sensor network (WSN) applications, such as asset monitoring, has led to novel reliability requirements. One such property is source location privacy (SLP). The original SLP problem is to protect the location of a source node in a WSN from a single distributed eavesdropper attacker. Several techniques have been proposed to address the SLP problem, and most of them use some form of traffic analysis and engineering to provide enhanced SLP. The use of fake sources is considered to be promising for providing SLP, and several works have investigated the effectiveness of the fake sources approach under various attacker models. However, very little work has been done to understand the theoretical underpinnings of the fake source technique. In this paper, we (i) provide a novel formalisation of the fake sources selection problem; (ii) prove the fake sources selection problem to be NP‐complete; (iii) provide parametric heuristics for three different network configurations; and (iv) show that these heuristics provide (near) optimal levels of SLP under appropriate parameterisation. Our results show that fake sources can provide a high level of SLP. Our work is the first to investigate the theoretical underpinnings of the fake source technique. Copyright

Towards Understanding Source Location Privacy in Wireless Sensor Networks through Fake Sources

Source location privacy is becoming an increasingly important property in wireless sensor network applications, such as asset monitoring. The original source location problem is to protect the location of a source in a wireless sensor network from a single distributed eavesdropper attack. Several techniques have been proposed to address the source location problem, where most of these apply some form of traffic analysis and engineering to provide enhanced privacy. One such technique, namely fake sources, has proved to be promising for providing source location privacy. Recent research has concentrated on investigating the efficiency of fake source approaches under various attacker models. In this paper, we (i) provide a novel formalisation of the source location privacy problem, (ii) prove the source location privacy problem to be NP-complete, and (iii) provide a heuristic that yields an optimal level of privacy under appropriate parameterisation. Crucially, the results presented show that fake sources can provide a high, sometimes optimal, level of privacy.

A methodology for the generation of efficient error detection mechanisms

A dependable software system must contain error detection mechanisms and error recovery mechanisms. Software components for the detection of errors are typically designed based on a system specification or the experience of software engineers, with their efficiency typically being measured using fault injection and metrics such as coverage and latency. In this paper, we introduce a methodology for the design of highly efficient error detection mechanisms. The proposed methodology combines fault injection analysis and data mining techniques in order to generate predicates for efficient error detection mechanisms. The results presented demonstrate the viability of the methodology as an approach for the development of efficient error detection mechanisms, as the predicates generated yield a true positive rate of almost 100% and a false positive rate very close to 0% for the detection of failure-inducing states. The main advantage of the proposed methodology over current state-of-the-art approaches is that efficient detectors are obtained by design, rather than by using specification-based detector design or the experience of software engineers.

Towards Understanding the Importance of Variables in Dependable Software

A dependable software system contains two important components, namely, error detection mechanisms and error recovery mechanisms. An error detection mechanism attempts to detect the existence of an erroneous software state. If an erroneous state is detected, an error recovery mechanism will attempt to restore a correct state. This is done so that errors are not allowed to propagate throughout a software system, i.e., errors are contained. The design of these software artefacts is known to be very difficult. To detect and correct an erroneous state, the values held by some important variables must be ensured to be suitable. In this paper we develop an approach to capture the importance of variables in dependable software systems. We introduce a novel metric, called importance, which captures the impact a given variable has on the dependability of a software system. The importance metric enables the identification of critical variables whose values must be ensured to be correct.

Evaluating the Use of Reference Run Models in Fault Injection Analysis

Fault injection (FI) has been shown to be an effective approach to assessing the dependability of software systems. To determine the impact of faults injected during FI, a given oracle is needed. Oracles can take a variety of forms, including (i) specifications, (ii) error detection mechanisms and (iii) golden runs. Focusing on golden runs, in this paper we show that there are classes of software which a golden run based approach can not be used to analyse. Specifically, we demonstrate that a golden run based approach can not be used in the analysis of systems which employ a main control loop with an irregular period. Further, we show how a simple model, which has been refined using FI experiments, can be employed as an oracle in the analysis of such a system.

Evaluating the Impact of Broadcast Rates and Collisions on Fake Source Protocols for Source Location Privacy

Providing source location privacy has become a relevant issue for protocols used in the context of wireless sensor networks. In particular, where an asset is monitored using a wireless sensor network it is often the case that the location of the asset being monitored should be concealed from those eavesdropping on the network. The use of fake sources represents an approach to addressing the source location privacy problem. This paper explores practical factors for the configuration and application of fake source protocols, with a focus on the interplay between the broadcast rates of sensor nodes, message collisions and achieved privacy. Combined with existing work in energy efficient fake source protocols, these contributions evidence the existence of an effective range of broadcast rates for fake source protocols.

Extracting Meaningful User Locations from Temporally Annotated Geospatial Data

The pervasive nature of location-aware devices has enabled the collection of geospatial data for the provision of personalised services. Despite this, the extraction of meaningful user locations from temporally annotated geospatial data remains an open problem. Meaningful location extraction is typically considered to be a 2-step process, consisting of visit extraction and clustering. This paper evaluates techniques for meaningful location extraction, with an emphasis on visit extraction. In particular, we propose an algorithm for the extraction of visits that does not impose a minimum bound on visit duration and makes no assumption of evenly spaced observation.

Destabilising Conventions Using Temporary Interventions

Conventions are an important concept in multi-agent systems as they allow increased coordination amongst agents and hence a more efficient system. Encouraging and directing convention emergence has been the focus of much research, particularly through the use of fixed strategy agents. In this paper we apply temporary interventions using fixed strategy agents to destabilise an established convention by i replacing it with another convention of our choosing, and ii allowing it to destabilise in such a way that no other convention explicitly replaces it. We show that these interventions are effective and investigate the minimum level of intervention needed.

Issues on the Design of Efficient Fail-Safe Fault Tolerance

The design of a fault-tolerant program is known to be an inherentlydifficult task. Decisions taken during the designprocess will invariably have an impact on the efficiency of theresulting fault-tolerant program. In this paper, we focus on two suchdecisions, namely (i) the class of faults the program is to tolerate,and (ii) the variables that can be read and written. The impact thesedesign issues have on the overall fault tolerance of the system needsto be well-understood, failure of which can lead to costly redesigns. For the case of understanding the impact of fault classes on theefficiency of fail-safe fault tolerance, we show that, under theassumption of a general fault model, it is \emph{impossible} topreserve the original behavior of the fault-intolerant program. Forthe second problem of read and write constraints of variables, weagain show that it is \emph{impossible} to preserve the originalbehavior of the fault-intolerant program. We analyze the reasons thatlead to these impossibility results, and suggest possible ways ofcircumventing them.