Security and Privacy in Emerging Aerospace Scenarios - Pierangela Samarati

Security and Privacy inEmerging Aerospace Scenarios

Pierangela SamaratiDipartimento di Tecnologie dell’Informazione

Università degli Studi di [email protected]

ESTEL Conference presentationRome, Italy - December 21, 2011

c©Pierangela Samarati 1/14

The modern Information Society

• Computers, mobile smart devices, and space technology are atthe basis of the modern Information Society for enhancing thequality of life

• Space technology in ICT:◦ provide communications

◦ provide broadcast services

◦ deliver services (e.g., e-learning, e-health, e-commerce) to remoteregions

◦ observe the Earth (e.g., environmental monitoring, urban planning,disaster management)

◦ provide time and space localization (GPS)

◦ study near-Earth space and explore the solar system and thedistant universe

◦ . . .


Security in Aerospace Systems

Aerospace security

• Guaranteeing security requires protecting the aerospaceinfrastructure (satellites, planes, ground stations),communications, and applications, to ensure:

◦ integrity of data and resources

◦ confidentiality of information (privacy)

◦ availability (no denial of services)


Security techniques

• Some protection can be achieved by applying classicaltechniques, e.g.:

◦ authentication of users and devices

◦ access control

◦ firewalls

◦ antiviruses and intrusion detection systems

◦ encryption for protecting data in storage and communications

• In emerging scenarios there are new challenges, e.g.:

◦ integrity and privacy in data management

◦ privacy in location-based applications


Integrity and Privacy in Data Management

Integrity and privacy in data management

• The evolution of technologies for data management applies alsoto satellite and aerospatial data stored and processed at basestations

• Outsourcing data and services to external servers can provide

+++ significant cost savings and service benefits

+++ higher availability and more effective disaster protection thanin-house operations

=⇒ natural evolution to move to the cloud environment

• In addition to classical challenges, a major problem is:

−−− data are not under the data owner’s control


Privacy in outsourced and cloud environment

• Some data can be sensitive and cannot be known by partiesdifferent than the owner (honest-but-curious servers)

=⇒ need to identify what information is sensitive and protect itfrom the eyes of the storing and processing servers

◦ store and process data in encrypted form

− manage encrypted data, indexing for query execution, access controlenforcement, protect confidentiality of accesses

◦ break sensitive associations by storing data in the form of nonlinkable fragments

− e.g., association between an image taken by a satellite and thecorresponding location data


Integrity in outsourced and cloud environment

• External lazy/malicious servers can misbehave=⇒ data in storage can be compromised (e.g., altered data,

missed updates)

◦ digital signatures

◦ authenticated data structures

=⇒ queries might be not performed properly returning anincorrect or incomplete result

◦ authenticated data structures (e.g., Merkle tree)

◦ probabilistic approaches (e.g., data replications, marker tuples)


Privacy in Location-based Applications

Location-based services in the Information Society

• Location-based services are becoming part of our daily life

◦ positioning of objects and persons (e.g., car navigation via a GPSdevice)

◦ searching for information on objects or services on a map (e.g.,locating a specific supermarket)

◦ tagging resources with geographic information (e.g., geo-tags inTwitter)

=⇒ may raise privacy concerns


Privacy issues in location services

• GPS tracking devices may be used for safety and security reasonsand for monitoring users’ activities

X used to allow parents to keep track of their children’s whereabouts

X used for monitoring aging parents with Alzheimer’s disease

! used for physical surveillance for gathering information needed forinvestigations

! used by car rental companies for tracking their cars and chargingdrivers in case of agreement infringements

! used by employers for tracking the vehicles driven by theiremployees

−−− exploited by marketing companies for providing location-basedadvertisements


Privacy in location-based applications

• Different aspects:

◦ protect the identity of userslocated in specific positions(identity privacy)=⇒ enlarge the area to include

at least other k-1 users(k-anonymity)

protect the location of users (location privacy)=⇒ obfuscate the area so to

decrease its precision orconfidence

protect the location path of users (trajectory privacy)

=⇒ block tracking by mixingtrajectoriesc©Pierangela Samarati 13/14





















◦ protect the location of users(location privacy)=⇒ obfuscate the area so to


























◦ protect the location path ofusers (trajectory privacy)=⇒ block tracking by mixing

trajectoriesc©Pierangela Samarati 13/14

















Conclusions

• Space technology in ICT:

+++ enable new services and applications enhancing the quality of life

+++ promote social and economic development

◦ require addressing security and privacy issues to ensurecorrectness of applications and social acceptability


Technology

Security and Privacy in Emerging Aerospace Scenarios - Pierangela Samarati