We consider the source–destination location privacy problem for routing in wireless networks. Previous routing schemes mainly provided privacy protection by minimizing the average detection probability of traffic analysis attempts. However, they do not seek to provide strict privacy guarantees of the vulnerable source–destination pairs, which could still be relatively easy to identify. To address this gap in the literature, we propose the (k,ϵ)-anonymity property for routing in wireless networks with privacy guarantees. We consider a Bayesian maximum-a-posteriori (MAP) inference-based adversary and design a probabilistic routing scheme that uses a statistical decision-making framework to compute the minimum-cost (k,ϵ)-anonymous paths. A routing scheme is (k,ϵ)-anonymous if there are k or more distinct source–destination pairs within an ϵ-tolerance of the MAP probability. We compare our approach against a baseline routing scheme that minimizes the average detection probability of the adversary, and our simulation results show that our approach provides significantly better (k,ϵ)-anonymity privacy guarantees while achieving comparable average adversarial detection probability. We also studied how the adversary's prior beliefs affect its detection probability and Bayes risk.
- Bayesian traffic analysis
- Location privacy
- Probabilistic routing
ASJC Scopus subject areas
- Computer Networks and Communications