Anonymity in Wireless Broadcast Networks

Blaze, Matt; Ioannidis, John; Keromytis, Angelos D.; Malkin, Tal G.; Rubin, Avi

Systems that provide network traffic anonymity typically focus on wide-area network topologies, and exploit the infeasibility of eavesdropping on all links to prevent attackers from determining communication peers. This approach is inappropriate for high-security wireless local-area networks: it does not obscure the traffic volume, which allows attackers to identify critical nodes (e.g., a military HQ), and, because an attacker can obtain a global view of all communications, identifying the source and destination of traffic flows is relatively easy. These weaknesses derive from the fact that, whereas in wide-area networks the sender, the receiver and the adversary are on different physical links, in wireless networks they may share a single broadcast link. Moreover, the adversary can easily find the physical location of the transmitter and thereby identify the entity sending the traffic, not just its network identity. We introduce Wireless Anonymous Routing (WAR), an approach to achieve anonymity in a broadcast network. We describe a formal threat model for WAR and compare it to the traditional anonymity approaches. We show that these are inadequate when applied to the broadcast model, and describe new protocols that preserve security with better performance, adequately addressing the requirements of security-critical environments. We provide analytical and some preliminary experimental evidence that our protocols achieve anonymity at a reasonable cost.



Also Published In

International Journal of Network Security

More About This Work

Academic Units
Computer Science
Published Here
July 5, 2011