180 likes | 316 Views
Opportunistic Sensing:. Apu Kapadia MIT Lincoln Laboratory. David Kotz Dartmouth College. Nikos Triandopoulos Boston University. Security Challenges for the New Paradigm. Michael Betancourt UCF - EEL 6788 Dr. Turgut. Overview. Introduction Urban Sensing Examples Applications Examples
E N D
Opportunistic Sensing: Apu Kapadia MIT Lincoln Laboratory David Kotz Dartmouth College Nikos Triandopoulos Boston University Security Challenges for the New Paradigm Michael Betancourt UCF - EEL 6788 Dr. Turgut
Overview • Introduction • Urban Sensing Examples • Applications Examples • Security Challenges a. Confidentiality and Privacy Issues b. Integrity Issues c. Availability Issues d. Challenges in Participatory Sensing 5. Conclusion
Introduction • Opportunistic people centric sensing • Small devices carried by people that sense information • Direct or indirect relation to human activity • Environmental conditions • Advantages • Leverage millions of devices • No need to manually deploy • Highly mobile and accessible • Disadvantages • High risks in security • Data integrity
Urban Sensing Examples CarTel • Maps traffic patterns BikeNet • Bicycle network infrastructure CenceMe • User activity social networking CarTel Interface CenceMe Interface BikeNet Interface
Application Examples • Urban data collection and processing • Large scale online data collection • Being able to locate lost objects • Measuring the flow of bicycles in an urban center • Environmental monitoring at the human level • Optimize energy usage for heating and cooling • Personal Environmental Impact Report
Security Challenges Overview Challenges • Context privacy • Anonymous tasking • Anonymous data reporting • Reliable data readings • Data authenticity • System integrity • Preventing data suppression • Participation • Fairness
Confidentiality and Privacy IssuesContext Privacy Problems • It is cumbersome for users to specify fine grain policies • Once the data is on the server who can access the h/w Solutions • Virtual walls • Group settings in categories • Only information outside the wall can be seen • Faces • Data changes according to who is viewing • Future Research • Determining what data can be used without being able to infer other data • Grabbing only enough data for application purpose without sacrificing usability
Confidentiality and Privacy IssuesAnonymous Tasking Problems • By tasking specific users it is possible to gain personal information • Determining reliability of participants could reduce anonymity Solutions • Tasking Service • Users download all tasks and selectively choose which to do • Attribute based authentication • Users reveal only their attributes
Confidentiality and Privacy IssuesMasking Users' Location • Blind Tasking • Transfer data to other nodes before uploading • Overall routing structure must be protected • Data needs to be encrypted to not be intercepted • Hitchhiking • Only include characteristics about location • Disadvantageous for limited popularity • Introduce blur and random jitter • Decreases accuracy • Amount of error needs to be constrained • Automatic Spatiotemporal Blurring • Generalize location through large geographical tiles • Only upload data when enough sets are available
Integrity IssuesReliable Data Storage Problems • Any participant with an appropriately configured device can report falsified data • Devices are controlled by users • Incentives to mask private information Solutions • Redundancy • Task cloning • Fixed sensor ground truth • Game Theory • Reputation based system
Integrity IssuesData Authenticity Problems • Tampered data during transit • Current schemes correspond to fixed sensors where there is a stable topological tree that spans sensors Solutions • Cryptographoically enhanced error-correcting techniques • Encrypted data that shows if it has been tampered with • Group signatures • Allows multiple groups to use a single verifying signature • Cracked signatures and be redistributed without taking down the entire infrastructure
Integrity IssuesSystem Integrity Problems • Tasks need to have their source verified • Data received needs to be accurate and temporally relevant Solutions • Task specific languages • Secure crytographic states • Provide topological, temporal and user-related parameters to validate the information received.
Availability IssuesPreventing Data Suppression • Denial of Service (DoS) due to devices ignoring task requests • Network availability of devices • Data consuming applications could be killed by users • If users are unable to control the data access, they are less likely to carry the device or permit tasks to be performed Distributed DoS (DDoS) Attack
Availability IssuesParticipation Problems • Users must have incentives to gain mass participation • Difficult to convince giving away private information with little to no benefit Solutions • Convenience is key to appeal • Provide incentives that are compatible with users' needs and interests • Privacy-aware hybrid payoff model • Beneficial services vs privacy loss they experience
Availability IssuesFairness • People centric applications provide direct benefits to users • Users will try to cheat to gain better service for themselves • Tasking others to complete their tasks • Not contributing back to the community BitTorrent Inc. Logo Battlefield 2142 Cover Art
Challenges in Participatory Sensing • Users are tasked and have to manually partake in gathering information • Additional security challenges arise as the user may leak more information than the task specifies • Taking a picture of a menu on a table • Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the task • Ratings of a restaurant 4 Rivers Smokehouse Google User Review
Conclusion • Opportunistic people centric sensing • Most applications contain personal information • Securing that information becomes key • Providing a service that people would want to participate • Keepings users data secure as to not be harmed • Even obscuring the data may not be enough for complete anonymity • Participatory sensing needs additional security thought • Questions?