Upload
dasha
View
53
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Opportunistic Sensing:. Apu Kapadia MIT Lincoln Laboratory. David Kotz Dartmouth College. Nikos Triandopoulos Boston University. Security Challenges for the New Paradigm. Michael Betancourt UCF - EEL 6788 Dr. Turgut. Overview. Introduction Urban Sensing Examples Applications Examples - PowerPoint PPT Presentation
Citation preview
Opportunistic Sensing:Security Challenges for the New Paradigm
Michael BetancourtUCF - EEL 6788
Dr. Turgut
Apu KapadiaMIT Lincoln Laboratory
David KotzDartmouth College
Nikos TriandopoulosBoston University
Overview
1. Introduction2. Urban Sensing Examples3. Applications Examples4. Security Challenges
a. Confidentiality and Privacy Issues b. Integrity Issues c. Availability Issues d. Challenges in Participatory Sensing5. Conclusion
Introduction
• Opportunistic people centric sensingo Small devices carried by people that sense informationo Direct or indirect relation to human activityo Environmental conditions
• Advantageso Leverage millions of deviceso No need to manually deployo Highly mobile and accessible
• Disadvantageso High risks in securityo Data integrity
Urban Sensing ExamplesCarTel• Maps traffic patterns
BikeNet• Bicycle network infrastructure
CenceMe• User activity social networking CarTel Interface
BikeNet InterfaceCenceMe Interface
Application Examples
• Urban data collection and processingo Large scale online data collectiono Being able to locate lost objectso Measuring the flow of bicycles in an urban center
• Environmental monitoring at the human levelo Optimize energy usage for heating and coolingo Personal Environmental Impact Report
Security Challenges Overview
Challenges1. Context privacy– Anonymous tasking– Anonymous data reporting– Reliable data readings– Data authenticity– System integrity– Preventing data suppression– Participation– Fairness
Confidentiality and Privacy IssuesContext PrivacyProblems• It is cumbersome for users to specify fine grain policies• Once the data is on the server who can access the h/w
Solutions• Virtual walls
o Group settings in categorieso Only information outside the wall can be seen
• Faceso Data changes according to who is viewing
• Future Researcho Determining what data can be used without being able to
infer other datao Grabbing only enough data for application purpose
without sacrificing usability
Confidentiality and Privacy IssuesAnonymous TaskingProblems• By tasking specific users it is possible to gain personal
information• Determining reliability of participants could reduce
anonymitySolutions• Tasking Service
o Users download all tasks and selectively choose which to do
• Attribute based authenticationo Users reveal only their attributes
Confidentiality and Privacy IssuesMasking Users' Location• Blind Tasking• Transfer data to other nodes before uploading
o Overall routing structure must be protectedo Data needs to be encrypted to not be intercepted
• Hitchhikingo Only include characteristics about locationo Disadvantageous for limited popularity
• Introduce blur and random jittero Decreases accuracyo Amount of error needs to be constrained
• Automatic Spatiotemporal Blurringo Generalize location through large geographical tileso Only upload data when enough sets are available
Integrity IssuesReliable Data StorageProblems• Any participant with an appropriately configured device can
report falsified data• Devices are controlled by users• Incentives to mask private information
Solutions• Redundancy
o Task cloningo Fixed sensor ground truth
• Game Theoryo Reputation based system
Integrity IssuesData AuthenticityProblems• Tampered data during transit• Current schemes correspond to fixed sensors where there is
a stable topological tree that spans sensorsSolutions• Cryptographoically enhanced error-correcting techniques
o Encrypted data that shows if it has been tampered with• Group signatures
o Allows multiple groups to use a single verifying signatureo Cracked signatures and be redistributed without taking
down the entire infrastructure
Integrity IssuesSystem IntegrityProblems• Tasks need to have their source verified• Data received needs to be accurate and temporally relevant
Solutions• Task specific languages• Secure crytographic states
o Provide topological, temporal and user-related parameters to validate the information received.
Availability IssuesPreventing Data Suppression• Denial of Service (DoS) due to devices ignoring task
requests• Network availability of devices• Data consuming applications could be killed by users• If users are unable to control the data access, they are less
likely to carry the device or permit tasks to be performed
Distributed DoS (DDoS) Attack
Availability IssuesParticipationProblems• Users must have incentives to gain mass participation• Difficult to convince giving away private information with little
to no benefitSolutions• Convenience is key to appeal• Provide incentives that are compatible with users' needs and
interests• Privacy-aware hybrid payoff model
o Beneficial services vs privacy loss they experience
Availability IssuesFairness
• People centric applications provide direct benefits to users
• Users will try to cheat to gain better service for themselveso Tasking others to complete
their taskso Not contributing back to the
community
BitTorrent Inc. Logo
Battlefield 2142 Cover Art
Challenges in Participatory Sensing
• Users are tasked and have to manually partake in gathering information
• Additional security challenges arise as the user may leak more information than the task specifieso Taking a picture of a menu on a table
• Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the tasko Ratings of a restaurant
4 Rivers Smokehouse Google User Review
Conclusion
• Opportunistic people centric sensing• Most applications contain personal information• Securing that information becomes key
o Providing a service that people would want to participateo Keepings users data secure as to not be harmedo Even obscuring the data may not be enough for complete
anonymity• Participatory sensing needs additional security thought• Questions?