Probabilistic receiver-location privacy protection in wireless sensor networks Ruben Rios a,⇑ , Jorge Cuellar b , Javier Lopez a a Universidad de Málaga, NICS Lab, Campus de Teatinos, 29071 Málaga, Spain b Siemens AG, Otto-Hahn-Ring 6, 81739 Munich, Germany article info Article history: Received 31 March 2014 Received in revised form 7 January 2015 Accepted 24 January 2015 Available online 4 February 2015 Keywords: Wireless sensor network Security Privacy Traffic analysis Node capture abstract Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pat- tern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver- location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations. Ó 2015 Elsevier Inc. All rights reserved. 1. Introduction Wireless sensor networks (WSNs) [30] are highly distributed networks comprising two types of devices, namely, the sen- sor nodes and the base station. The sensor nodes are small battery-powered computers, which have the ability to measure the physical phenomena (e.g., temperature, vibration, radioactivity) occurring in their vicinity and to wirelessly communi- cate with other devices nearby. The base station is a resourceful wireless-enabled device in charge of gathering the data com- ing from different sources and processing them in order to gain insight about the phenomena being monitored. Due to the number of sensors they can incorporate, these networks are extremely versatile, which makes them suitable for countless application scenarios where sensor nodes are unobtrusively embedded into systems for monitoring, tracking and surveillance operations. Many of these applications are extremely sensitive and thus security and privacy become essen- tial properties [27]. Extensive work has been done on the protection of sensor networks from the physical to the application layer but privacy preservation has only recently drawn the attention of the research community due to the imminent adoption of this technology in scenarios involving businesses, individuals and valuables assets. http://dx.doi.org/10.1016/j.ins.2015.01.016 0020-0255/Ó 2015 Elsevier Inc. All rights reserved. ⇑ Corresponding author. E-mail address: ruben@lcc.uma.es (R. Rios). Information Sciences 321 (2015) 205–223 Contents lists available at ScienceDirect Information Sciences journal homepage: www.elsevier.com/locate/ins