|
General issues | Goals |
Which particular aspect of privacy is at stake? |
Which kind of data are privacy-sensitive? |
Threats |
Which are the data privacy threats (if any)? |
Which are the entity privacy threats (if any)? |
|
Network decisions | Sensor |
How limited their resources are? |
May they move? If so, are there any boundaries? |
Are they placed following any strategy or randomly scattered? |
Sink |
How many of them are there? |
If they are several, do they cooperate? |
How powerful is it? |
Network |
Is any topology assumed (e.g., ring, tree) or it may work for any topology? |
Is the network organized in some way (e.g., cluster, areas)? |
If so, is this organization permanent? |
Trusted elements |
Are sensors trusted? If so, to what extent? |
Are sinks trusted? If so, to what extent? |
Are communications trusted? Which ones (e.g., sensor-sensor, sensor-sink, and sensor-user)? To what extent? |
Are there Trusted Third Parties? If so, what are they trusted for? |
|
Attacker-related decisions | Coverage |
Where is it placed? Is it internal, external, or both? |
Does it have global view? If so, how? |
Does it move over time? |
Nature |
Is it active, passive, or both? |
Presence |
If it involves internal nodes, is there any upper/lower limit? |
Knowledge |
Which information does it know? Does this information change over time? |
Behavior and resources |
Does it have any attack pattern? Is it honest? |
Does it attack for a given benefit to a particular subset of nodes? |
If it involves several entities, do they cooperate? To what extent? |
|