Counterfeit Clones: A Novel Technique for Source and Sink Location Privacy in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are an essential part of the Internet of Things (IoT). In WSNs, sensors are randomly deployed in harsh environments for monitoring purposes. In such environments, employing only the content protection mechanisms available leaves WSNs vulnerable to unauthorized interception by global and local adversaries. An attacker may exploit contextual data to locate the source or the sink; therefore, context privacy is an exigent part of WSN privacy that cannot be neglected. WSN is used in many applications and can transmit sensitive information. To protect sensitive information, it is necessary to provide protection techniques to prevent the adversary from breaching and exposing the location of the source and sink. Past works focus on protecting the location at the routing level; however, the adversary could bypass that and easily locate the nodes by capturing frames and discovering the source and destination addresses. In this paper, we propose the Counterfeit Clones (CC) scheme to protect nodes’ location privacy at the data link layer by using a lightweight one-way hash function to hide the MAC address. At the routing level, fake sources and sinks are deployed to obfuscate the source and the destination node identity. The performance analysis results confirm that the CC technique has a longer safety time with lower energy consumption in comparison with some of the existing solutions. Compared to contrasting algorithms, CC can increase the safety time and protect the location privacy for source and sink with faster packet transmission to the base station.


I. INTRODUCTION
Wireless sensor networks contribute to enabling the Internet of Things (IoT) technology; however, with the prevalence of Internet of Things applications, from consumer-based applications to industrial and military applications, serious privacy concerns arise [1]. The advantages of linking both WSNs and other components of the IoT go beyond remote access as heterogeneous information systems can be able to cooperate and provide Common Services [2]. According to scientific estimates, at the end of 2022, the total number of wireless sensors deployed is expected to exceed 60 trillion, meaning10,000 sensors for every person in the world [3]. Although a WSN offers plenty, there exist major challenges that must be considered to allow them to become an intrinsic part of the IoT in a secure way. Wireless sensor networks are power constraint networks, having restricted computation and energy resources. This leaves them sufficiently vulnerable to attackers who deploy more resources than any single node or base station, which may not be a difficult task for them. Hundreds of nodes that can use broadcast or multicast transmission can comprise a typical sensor network. The broadcast nature of the transmission medium is the reason why wireless sensor networks are vulnerable to security attacks [4]. In WSNs, there are two major types of privacy-preservation techniques: data-oriented and context-oriented. A dataoriented method targets the privacy of data [5] [6] collected through sensor nodes and queries posted in the network. Context-oriented privacy can be defined as concerns regarding contextual information, such as the location and timing of traffic flows [7]. Sensors are independent and do not normally follow a central control entity because of their wide-scale and regular topology changes. Traditional security solutions are thus inapplicable as they require significant overhead and sufficient memory. One of the fundamental defenses against security threats is to prevent access to network nodes physically. This is impractical in WSNs since many applications involve the deployment of sensor nodes in remote and open areas that are difficult to reach, monitor, maintain, and defend against when it comes to unauthorized physical access [8]. Location privacy concerns in WSNs are arduous since their sensor nodes have distinct properties, including their well-defined communicational patterns and computational limitations. The open nature of the sensor network means an adversary can eavesdrop and trace the packets during transmission to locate the source and sink node location [9]. In addition, WSN is used in many applications and can transmit sensitive information. To protect this, it is necessary to provide protection techniques to prevent the adversary from breaching and exposing the location of the source and sink [10]. Many security protocols have been developed to ensure the confidentiality of the content messages, but even so the contextual information is still exposed, meaning the adversaries can continue to exploit the contextual information to derive sensitive information [11]. It is essential to preserve the location privacy of the source because the attacker can monitor the events occurring in the field. This information could be sensitive when the events are related to healthcare, the military, and others. Moreover, preserving the location privacy of the receiver is also significant because the base station is essential to operate the network. The whole network will stop working when the sink is compromised and crashed by the adversaries [12] [13].
Location privacy preservation techniques have been employed to preserve the location privacy of source sensor nodes and the sink. The "Panda-Hunter Game" problem is used in literature to showcase source location privacy preservation techniques. A WSN is employed to monitor pandas in their habitat using sensors and actuators mounted to them. Sensors send reports to the sink over the wireless network whenever a panda is close. Local adversaries can monitor part of the network. Also, they have a device capable of determining the direction of the received packets. Therefore, the adversaries can hear packets when they move. Furthermore, when the adversary overhears a packet, he will start to move to detect the source node, as shown in Fig. 1. Therefore, it is essential to mislead the adversary to increase safety time. Finally, the adversary can reach the source since the packets follow the same path. In this scenario, hunters exemplify a global or local adversary of the WSN who exploits the location privacy by passive or active attacks on the WSN communication, such as trace-back and traffic analysis attacks. Moreover, such attacks performed by hunters enable them to locate the data sources; therefore, exposing the location of the data source [14] [15]. To demonstrate the problem of sink location privacy, we consider the military application scenario where the soldiers are equipped with sensors. Messages will be sent to the base station when soldiers detect the enemy's presence. The attacker realizes that a significant number of packets have been collected by the base station and, therefore, chooses to destroy the base station. The entire network is disabled when this occurs. The secrecy of the base station's location is very important [16] [17]. Most research work focuses on preserving the privacy of the location of source nodes, while fewer concentrate on the problem of sinks. Furthermore, only few research studies consider source and sink security at the same time [18]. Basic terminologies used in the location privacy preservation have been listed as follows: Sink: also known as the base station, which is the node that oversees collecting and aggregating all the packets in the network [18].
Source node: known as a sensor node. Sensors are usually spread over a sensor field, and each of these nodes can collect data and route them to the sink [19]. The global attack: the assumption behind a global attack is that it can monitor every packet communication in the whole network. The protected object can be exposed once packet transmission occurs in the network [18]. Previous studies proposed methods to protect the source and sink location but some of them have many disadvantages, such as suffering from energy consumption due to producing and transporting a lot of fake packets. Furthermore, it suffers from a delay in transmission of the packets to the base station due to the need to deceive the adversaries and prevent them from exposing the location of real packets. The counterfeit clones overcome all these problems. The CC scheme shows better performance in terms of safety time than KCLP, SLP, and RBR. In addition, CC is faster than previous methods in transmission of the packets to the base station and has lower energy consumption compared with KCLP. Furthermore, CC assures to protect the privacy of source and base station, which leads to protecting the real path of real packets against the adversaries. In this paper, we propose a Counterfeit Clones scheme designed to protect the location of the source and sink by deploying a LOCHA (Light-weight One-way Cryptographic Hash Algorithm) hash function to provide dynamic IDs to obfuscate the adversaries. Cryptographic hash functions are essential to protect the authenticity of the information. However, most hash algorithms demand a huge computational overhead and high energy consumption, making them unsuitable for WSN. The hash algorithm has an essential role in modern cryptography. In addition, it is used in many security applications. The input in the hash function contains a string of arbitrary length and creates a fixed-length string as output. The LOCHA scheme aims to produce a hash-digest with a fixed and relatively small length suitable for an energy-starved wireless network. Moreover, this scheme helps the nodes run the algorithm with low energy. Finally, LOCHA has many properties, such as Preimage Resistance, Collision Resistance, and Second Preimage Resistance [20]. In the CC scheme, when a source node has a frame to send, it must first communicate with its cluster, then the cluster communicates with another cluster to select a fake node, and the sink node has a fake clone to prevent the adversary from tracking the packets during transmission. In addition, each node has a public and private key generated using the paillier cryptosystem with significant features such as fast and consuming minimal computational power. Counterfeit clones have a longer safety time with lower energy consumption than other solutions. The significant contributions of this paper are as follows: • Proposes a Counterfeit Clones scheme to preserve source and sink location privacy with strong privacy preserving ability. • The proposed counterfeit clones lead to better performance in safety time compared with other solutions. • The Counterfeit Clones scheme proves efficient to protect the packets during transmission and has a shorter delay than other schemes. • We provide a comprehensive analysis and experimental to prove the efficiency of the Counterfeit Clones scheme. • We provide extensive analysis to confirm the strong privacy preserving ability of the Counterfeit Clones scheme. The remainder of this paper is organized as follows. In Section II, we review the related schemes on location privacy for source and sink. Section III describes the network model and adversary model with the details of the proposed Counterfeit Clones scheme. Section IV evaluates the proposed technique using fixed scenario analysis. Section V concludes this paper and presents future research directions.

II. RELATED WORK
Numerous researches have been conducted on location privacy preservation of sensor networks, which can be classified into source-location privacy, sink-location privacy, or both.

A. SOURCE LOCATION PRIVACY
The issue with source-location privacy is hiding messages from an eavesdropper, which is serious for applications where an event's location is significant. We consider a sensor network, for instance, that tracks ally troops and enemy troops on battlefields. When enemies can determine the position of our troops from the sensor network's wireless signals, they can locate and more effectively target our troops [21]. Sourcelocation privacy in wireless sensor networks has gained remarkable attention in recent years, and several methods have been suggested in the literature.
Fake packets are used in [22] to obfuscate adversaries by transmitting data at a low rate to reduce overhead communication. The authors developed three schemes called Dummy Uniform Distribution (DUD), Dummy Adaptive Distribution (DAD), and Controlled Adaptive Dummy Distribution (CAD). Both the real and fake packets are transmitted at the same constant rate in the DUD, making it more difficult for adversaries to determine which transmitted packets are real or fake. Using the same constant rate, however, introduces high energy consumption. Thus, all the nodes are initialized as phantom nodes in DAD with a low constant transmission rate. Once the network has real packets, a higher transmission rate is allocated to them, while the fake packets are assigned a lower one. As the average transmission rate of real and dummy packets remains constant, the difference becomes impossible for the eavesdropper to detect. Furthermore, in CAD, packet loss is considered to further improve the packet delivery ratio.
Based on a dynamic routing scheme, Han et al. [23] developed a protocol (SLPDR) to protect source location against a local eavesdropper in wireless sensor networks. It interchangeably uses three categories of routing patterns, which are cyclic, greedy, and directed routing. The scheme randomly chooses an initial node from the boundary of the network. Packages will travel a greedy route and subsequently a directed route before reaching the sink. SLPDR aims to maximize paths for data transmission, and the lengths of the routing paths tend to be consistent and do not require going through intermediate nodes from a remote area. SLPDR is also an energy-efficient protocol since there are enough dummy packets to confuse the adversary without significantly shortening the network lifetime. To buffer the real data packets, a ring was used. As the fake packets generated by a boundary node pass by the ring, the fake data packets are replaced with real ones to be sent to the sink node. However, when the adversary appears on the ring where the source node resides, Yu He et al. in [24] stated that this approach is insufficiently secure.
The use of dummy data sources is a common strategy for providing source location privacy. Chakraborty et al. [25] introduced a framework that dynamically generates virtual sources named staircase-based branching location privacypreserving (SBBLPP or LDPB) based on differential privacy-based message transmission by randomly selected nodes using the staircase mechanism. This generates dummy sources which, in turn, increase the region of uncertainty (ROU). The framework has two main steps, the staircase, and the branching mechanism. The staircase mechanism enhances the system's resistance to intersection attack, while the branching mechanism generates virtual sources that increase the number of routing paths, thereby overcoming backtracking attacks. The nodes absent in the routing path randomly select themselves by following staircase distribution and transmit fake patterns identical to the real packets. Each selected node acts as a virtual source, and everyone generated follows a routing path for transmitting packets from the source to the sink. The increase in the number of routing paths makes it difficult for the adversary to backtrack to the original or real source nodes.
The deferentially private framework presented in [26] involves a method based on the generation of dummy events followed by message transmission prompted by the aforementioned framework assigned to randomly selected nodes. The study introduced the notion of location differential mechanism to make the event privacy insensitive to the participation of individual nodes in the event-reporting process. Furthermore, it showed that the first component of the mechanism can anonymize the actual event occurrences by generating dummy events such that the traffic triggered by both events is identical. By replacing the network with continual fake traffic that mimics the actual events through an aperiodic mechanism, the process of hiding event occurrence is made energy efficient. This is followed by the location differential privacy (LDP), a technique that provides and preserves the privacy of an event by the selective generation of real or fake traffic, a mechanism that guarantees the location privacy of an event by creating an enhanced region of uncertainty.

B. SINK LOCATION PRIVACY
The primary issue with sink-location privacy involves concealing the destination (i.e., a sink node) of the messages from an eavesdropper, which is important for a sensor network where network survival is significant. For example, a sensor network monitoring battlefields should resist physical attacks on the network. If enemies can ascertain the validity of a sink node, they will attempt to destroy it to break down the entire network [21]. To address the issue of sinklocation privacy in WSNs, the Ring Based Routing (RBR) technique is presented in [27]. It consists of numerous routing rings and lines where data from the nodes are not transmitted directly to the sink but the nearest routing ring. In this way, data are transmitted via each sensor node in the ring and then through the routing lines to other routing rings, where the number of nodes in the fake sink is equal to that of the nodes in the network. More specifically, the routing rings shift in random arrangements under the RBR strategy, which can trouble attackers even when the sink location is static. Thus, this significantly improves the confidentiality of the sink position. The routing rings are also developed in conjunction with the exhaustive monitoring of network energy, which can promote the full use of any remaining energy and increase efficiency and network life. In telemedicine networks, the sink node is most vulnerable to attacks because it is where sensitive data will be collected. In [28] a privacy-preserving protocol for sink nodes in WSNs was proposed to protect it in telemedicine networks. The technique works as follows: initially, the sink node broad casts a beacon packet, which carries a number to count the hops, and the initial value of this packet is zero. The fake sink nodes in the network should also broadcast a beacon packet to build the fake lists further. The actions of the fake sink nodes are the same as those of the real sink node. The source node can generate data packets. The sink nodes, either real or fake, can request for the data packets generated by the source node. In the PSNL-TNs scheme, the data transmission process is bidirectional, which differs from traditionally unidirectional data transmission processes. Via this method, it is more complex for adversaries to find the location of the real sink node because every node in the network can be the start or end of a transmission process. To cope with the direct attack, Jian Wang et al. [29] improved a scheme based on injecting fake packets and directed random walks of real packets where they move in specific phase to hide direction information under a direct attack. Many fake nodes in this work are set to secure the actual sink's position. Fake packets are generated with a predetermined probability at the intersection nodes, and they are transmitted to the fake sink only. The likelihood that the sink will be located is dependent on the number of fake sinks. The probability of making a fake packet adjusts the time and energy consumption for protection.

C. SOURCE AND SINK LOCATION PRIVACY
The above works demonstrate the efficient use of fake packets for both the source and sink location privacy. A fake source and a fake sink have been used in [30] to protect the location of the real source and the real sink along with kmeans clustering to elongate the routing path and to boost safety. The use of different routing patterns of the fake and the real packet has reduced network delay.
In [31], four location privacy protection schemes were proposed: forward random walk (FRW), bidirectional tree (BT), dynamic bidirectional tree (DBT), and zigzag bidirectional tree (ZBT), respectively. Among them, both the DBT scheme and ZBT scheme build some branch routes in the route from the real source node to the sink node to improve the privacy protection performance. In the DBT scheme, real messages are delivered along the shortest path, making it possible for the eavesdropper to infer the location of the source or sink by extending the line of the shortest path. So, a proxy source and a proxy sink are adopted in the ZBT scheme, which prevents the adversary from inferring the location of the source or sink easily.
For many wireless sensor networks, anonymous communication is very essential because it can conceal the identity of key nodes like the base station or a source node. An Efficient Anonymous Communication (EAC) protocol is used in [26] to guarantee anonymity for sender and base station as well as communication between them by using symmetric cryptography and hashing function. However, before the deployment of nodes, they are preloaded with parameters that include random numbers, pairwise keys, and hashing functions. A node i has a random number shared with the base station, a shared random number with node j, and another with all its neighbors. Moreover, a node i shares two pairwise keys, one with the base station and another with node j. Each node has a neighboring table. EAC implements four schemes for anonymous communications, which are anonymous data sending, anonymous data forwarding, anonymous broadcast, and anonymous acknowledgment.
A hash-based scheme is used in [27] to provide location privacy for both source and receiver nodes at the data link layer through a cryptosystem. A data link layer frame of WSN is mainly composed of a source address, a destination address, payload, and FCS checksum. Payload is wellprotected by cryptosystems almost impervious to attacks. HASHA uses dynamic addresses to prevent adversaries from identifying nodes in the network. The dynamic addresses the rehashed results of all previous frames successfully transmitted from the sender and the receiver. To track the communication between the sender and the receiver, the adversary must receive all frames from them correctly. If one frame is corrupted at the adversary but correct at the receiver, the adversary cannot know the addresses of the sender and the receiver during the following transmissions.

III. Counterfeit Clones
This section describes the proposed Counterfeit Clones scheme, which contains three main steps: first, every sensor node is loaded in the network with the public and private keys. Second, before sending frames, the sensor node must communicate with its cluster head to select another node in another cluster to act as a fake node to prevent the adversary from locating the real node. Third, to protect the location privacy of the sink, select one of the cluster heads to act as a fake sink to receive all the fake packets.

A. ADVERSARY MODEL
The attacker eavesdrops on the wireless connections and tries to use the network traffic to determine the location of the object. Suppose the attacker is a global adversary with a full view of the entire network. To listen to all interactions, the adversary has expensive sniffers and a powerful laptop. The adversary analyzes the information collected by the sniffers to locate the source node that is triggered by the objector, the sink node that collects enormous data. Moreover, it is assumed that the adversary will launch only passive attacks [27].

B. NETWORK MODEL AND ASSUMPTIONS
Counterfeit Clones (CC) is a WSN privacy scheme designed to protect the location of the source and the sink by deploying a LOCHA hash function. [20], which is a light-weight oneway hashing to sensors and sink IDs to provide dynamic IDs that are indistinguishable to the adversary to create identity confusion. The scheme is suitable for periodic information retrieval with APTEEN (Adaptive Periodic Thresholdsensitive Energy Efficient Sensor Network), a protocol for WSN with a balanced structure and which was developed for hybrid networks. In this protocol, when determining the cluster heads, every cluster head should broadcast four parameters' attributes, thresholds, schedule, and count time. There are many features of this scheme. First, it enables the user to overview the entire network, also, it can respond to any essential changes. Second, it gives the user opportunity to set the time interval (TC) and the threshold values for the attributes. Third, it can control energy consumption [32]. Before deploying the network, each sensor node is loaded with a public and private key, where the public key is shared with the sink and a secret key protects the addresses in data link layer frames identical for all nodes. These two keys are generated using the paillier cryptosystem, which has proven to be fast and consumes minimal computational power [33]. Fig.  2 illustrates the network model of the CC scheme. First, every sensor node in a cluster must have one fake node in another cluster to act as its "counterfeit clone." When a source node has a frame to send, it will first send an acknowledgment frame to its cluster head. The cluster head will communicate with another that will select one of its cluster nodes as a fake source. After selecting the fake node, it will send an acknowledgment. The real source and fake source will transmit packets simultaneously, the former reaching the real sink and the latter the fake. Second, regarding the location privacy of the sink, the adversary will attempt to deduce the sink's location using traffic analysis by finding the region with the highest traffic volume and concluding that the sink should be situated within that region [34]. The transmission ratio of nodes closer to the sink is high, implying the presence of the sink. Therefore, to vary the traffic of the network, a fake sink will be selected during the clustering using APTEEN protocol. One of the cluster heads will be selected to act as a fake sink. This fake sink will receive all the fake packets, creating difficulty for the adversary to distinguish between the real and fake as they have the same size and possess dynamic IDs. The distance between the real sink and the fake sink must be factored in because, if they are too close, then the location privacy protection is meaningless. The number of fake sources nodes and fake sink nodes are system parameters that provide a trade-off between security and energy consumption. Algorithm 1 describes the transmission process of the frames from the source node to the base station. When the sensor detects a target and holds a frame to be transmitted, it will generate new IDs using the LOCHA hash function. Then, it will send the frame with these new IDs. After that, it will create a timer, and, if it receives an acknowledgment with a correct FCS, it will compare the source address with its own. If it matches, then it will generate new IDs upon timeout, and the frame will be retransmitted. Algorithm 2 describes the process of receiving a frame. Here, there are more two variables to keep the old addresses. When the sink receives a frame with a proper FCS (see Table 1), it will compare the source address with its own to determine a match. If so, then it will store the current addresses as old addresses and generate new ones. After that, it will send an acknowledgment frame to the old address. When the sink receives a frame that matches its old address, this means the acknowledgment frame was lost and it will resend it.
When an event occurs, the source node starts to send packets, and those packets carry contextual information like the location of the source node and the time of the event. Therefore, the adversary can eavesdrop on the transmission to obtain this contextual information. Furthermore, an adversary can attack the packets when being transmitted. There are two types of attacks that may occur: Backtracking Attack: when the adversary is close to the sink, he can monitor and perceive the sink when it receives data, which will lead to backtracking the path to find the sensor node. Intersection Attack: many source nodes can sense an event when it occurs. Moreover, transmitting all packets corresponding to the event. Therefore, the adversary can locate and observe the source nodes by the backtracking attack, which leads to finding the correct event. This type of attack reduces the region of uncertainty, which can help the adversary to reduce the search area to find the event [26].

IV. PERFORMANCE ANALYSIS
The simulation used in this paper is the same in KCLP. In addition, we implement the algorithm in MATLAB R2020b. We estimate the side length of the network is different from 500 m to 1200 m. The entire network is split into equal-sized grids, with the length of a grid element d equal to 50 m; all nodes are deployed randomly. In this section, we evaluate the performance of our proposed Counterfeit Clones scheme. We consider three primary metrics to evaluate the performance: safety time, energy consumption, and delay. The mean of safety time refers to the time taken by adversaries to locate and determine the location. The energy consumption is the total energy cost. Finally, the delay is the time for transmission packets from source to sink. Three algorithms compared to the CC scheme are SLP [35], RBR [36], and KCLP [30]. It is a technique to protect the source against attackers by generating many phantom locations far away from the source and widely distributed. SLP can improve security and privacy significantly. In this scheme, when a source detects an event it will start flooding within a limited area. The flooding packets will be transmitted to every source. Therefore, the source generates and sends a packet to the base station by an h-directed routing. Finally, the packets will be transmitted through the shortest path routing from the phantom locations to the base station. SLP contains four steps: network initialization, h-hops limited flooding initialized from the source, h-directed routing, and the shortest path routing [35]. Ring-based routing (RBR) is a collection of various rings in circular network topology and routing lines. In RBR, the source node does not directly send the packets to the sink. All ring nodes must participate in the data routing process to increase the randomness. To send the packets, one node in the ring starts forwarding the packet to another ring, and then will forward data to all remaining nodes. Finally, this process will be repeated until data reach the sink from the nearest sink [36]. KCLP k-means clusterbased location privacy (KCLP) is a technique used to protect source location privacy and sink location privacy. The KCLP scheme includes three steps. The first step, locate the cluster area by sending two empty packets simultaneously from the source and the sink. Second, use k-means to cluster. Third, use routing strategies. This scheme uses fake source nodes to act as real sources, and fake sink nodes act as real sinks to protect the location privacy for source and sink. When transmitting the packets, only the real source can send real packets to the real sink, and fake source nodes send fake packets to fake sink nodes. All packets should go through the cluster area to protect direction. Therefore, all real packets are transmitted from real source to real sink through the shortest path to reduce delay and energy consumption [30]. Both CC and KCLP are source-sink location privacy schemes that use fake packets. These similarities were the reason for choosing this scheme as a contrast scheme. Three metrics are employed to evaluate the performance of the proposed solution, which are safety time, energy consumption, and delay time. Safety time refers to the time taken by the adversary to locate the source or the sink and energy consumption refers to the total energy cost by round. The network size ranges between 500 m and 1200 m. The Panda-hunter model was used to prove the security of the proposed solution. When the panda is monitored, the source nodes will generate and transmit packets periodically through the sensors one by one to the base station. Then the hunter starts from the base station to locate the source by tracing the packets back hop by hop. In the Counterfeit Clones scheme, when a source tries to transmit packets, it will first communicate with its cluster to select a node from another cluster to act as a fake source then start to transmit the real and fake packets simultaneously. Furthermore, to protect the privacy of the real sink it will select a cluster head to act as a fake sink. The adversary cannot locate the real sink and real source since there are counterfeit clones of the source and sink. Furthermore, when the source node wants to transmit packets to the base station, the real and fake source transmits the packets simultaneously, making it difficult for the adversary to locate the real source. On the other hand, to preserve the location privacy of the base station, the real and fake sink receive the packets simultaneously to mislead the adversaries. Therefore, it is challenging for a hunter to trace back the path of packets to locate the real source due to the many phantom paths that will lead to a fake source. Also, he cannot locate the real sink and real source node because there is a fake source and sinks, which make them indistinguishable by adversaries. Furthermore, we compare safety time with other schemes. Safety time is the total time the adversary takes to find the location. As mentioned earlier, hops demonstrate safety time. The safety time in the SLP scheme is based on the number of phantom nodes used to transmit packets, and the routing pattern is typically the shortest path route, which makes the safety time too brief. The safety time of the RBR scheme mainly increases the length of each ring. The safety time of KCLP depends on whether the three clusters are fixed or not. As presented in Fig. 3, the CC scheme shows better performance in terms of safety time than KCLP, SLP, and RBR. Moreover, energy consumption is the total energy cost. The energy consumption in the KCLP scheme increases with an increase in the side length of the network. Furthermore, the safety time in the KCLP is usually translating to greater energy consumption when many fake packets are used. Also, it is based on whether the three clusters are fixed or not, and which fake sink receives the fake packet. The SLP and RBR show better performance in terms of energy consumption compared to the Counterfeit Clones scheme since they did not have the fake packets in their scheme. Furthermore, CC has a slight overhead in energy consumption due to producing and transporting fake packets. We use the same radio model as in [37] which is the first order radio model. In this model, a radio dissipates Eelec = 50 nj/bit to run the transmitter or receiver circuitry and amp = 100 pJbit/m 2 for the transmitter amplifier. The radios have power control and can expend the minimum required energy to reach the intended recipients. The radios can be turned off to avoid receiving unintended transmissions. An r 2 energy loss is used due to channel transmission. Equations (1), (2), (3) and (4) are used to calculate transmission costs and receiving costs for a k-bit message and a distance d are shown below: Transmitting: Receiving: Receiving is also a high-cost operation; therefore, the number of receives and transmissions should be minimal. In our simulations, we used a packet length k of 2000 bits. With these radio parameters, when d2 is 500, the energy spent in the amplifier part equals the energy spent in the electronics part, and, therefore, the cost to transmit a packet will be twice the cost to receive. It is assumed that the radio channel is symmetric so that the energy required to transmit a message from node i to node j is the same as energy required to transmit a message from node j to node i for a given signal to noise ratio (SNR) [38]. As presented in Fig. 4, the CC scheme shows better performance in terms of energy consumption than KCLP. CC may consume energy due to the transmission of the fake packets. In addition, we measure the delay time based on the number of hops for the CC scheme. In KCLP, the real packet is routed through the shortest path, so the delay is close to the SLP scheme. On the other hand, packets in the RBR scheme are routed along the ring; thus, the delay is longer. Hint: the scale of the RBR scheme is more than 70; it is between 140 and 320, but to preserve the scale, we illustrate it as shown in Fig. 5, where the CC scheme shows that it has a lower delay than KCLP, SLP, and RBR.

V. CONCLUSION
This paper proposed a novel source location privacy scheme for the source and the sink involving counterfeit clones. The CC scheme is an efficient mechanism to protect the source node and base station. When a sensor node wants to send packets to the sink, it uses other sensors to act as counterfeits to the sender sensor node and a cluster head to act as a fake sink while using a LOCHA hashing operation on the IDs of the nodes to obfuscate their identities further. The CC assumes a passive global adversary. Since there is a fake sensor node, fake sink, and phantom paths, it is difficult for adversaries to locate the real source and sink. We consider three metrics to evaluate the scheme's performance, which are safety time, energy consumption, and delay time. We compare the CC scheme against three mechanisms, SLR, RBR, and KCLP. The CC scheme shows better performance in terms of safety time and delays than other schemes. Furthermore, has lower energy consumption compared to the KCLP scheme. The SLP and RBR showed better performance in terms of energy consumption because they did not use fake packets. Future work to improve the CC methodology consists of (1) increasing the number of clones with a random probability of their distance and their level and (2) developing a mechanism that makes the clones dynamic rather than static (i.e., they change throughout the network lifetime and the number of assigned clones changes from one node to another).