570 likes | 760 Views
Urban defense using mobile sensor platforms: surveillance, protection and privacy Homeland Security Workshop, Baia, Naples Sept 21, 2009. Mario Gerla Computer Science Dept, UCLA www.cs.ucla.edu/NRL. Outline. Vehicular Ad Hoc Networks (VANETs) Opportunistic ad hoc networking
E N D
Urban defense using mobile sensor platforms: surveillance, protection and privacyHomeland Security Workshop, Baia, Naples Sept 21, 2009 Mario Gerla Computer Science Dept, UCLA www.cs.ucla.edu/NRL
Outline • Vehicular Ad Hoc Networks (VANETs) • Opportunistic ad hoc networking • V2V applications • Content distribution • Urban surveillance - MobEyes (UCLA) • MobEyes vs roadside CCTV • Case study: tracking terrorist attack path • Security and Privacy in urban surveillance • UCLA CAMPUS Testbed
Traditional Mobile Ad Hoc Network • Instantly deployable, re-configurable (no fixed infrastructure) • Satisfy a “temporary” need • Mobile (eg, PDAs) • Low energy • Multi-hopping ( to overcome obstacles, etc.) • Challenges: Ad hoc routing, multicast, TCP, etc Examples: military, civilian disaster recovery
Vehicular Ad Hoc Network (VANET) • No fixed infrastructure? • Several “infrastructures”: WiFi, Cellular, WiMAX, Satellite.. • “Temporary” need? • For vehicles, well defined, permanent applications • Mobile? • YES!!! But not “energy starved” • Multi-hop routing? • Most of the applications require broadcast or “proximity” routing • Infrastructure offers short cuts to distant destinations • Multihop routing required only in limited situations (eg, Katrina scenario) • VANET => OpportunisticAd Hoc Network • Access to Internet readily available, but.. • opportunistically “bypass it” with “ad hoc” if too costly or inadequate
The Enabling Standard: DSRC / IEEE 802.11p • Car-Car communications at 5.9Ghz • Derived from 802.11a • three types of channels: Vehicle-Vehicle service, a Vehicle-Roadside service and a control broadcast channel . • Ad hoc mode; and infrastructure mode • 802.11p: IEEE Task Group for Car-Car communications
V2V Applications • Safe Navigation • Efficient Navigation/Commuting (ITS) • Location Relevant Content Distr. • Urban Sensing • Advertising, Commerce, Games, etc
V2V for Safe navigation • Forward Collision Warning, • Intersection Collision Warning……. • Advisories to other vehicles about road perils • “Ice on bridge”, “Congestion ahead”,….
Car to Car communications for Safe Driving Vehicle type: Cadillac XLRCurb weight: 3,547 lbsSpeed: 65 mphAcceleration: - 5m/sec^2Coefficient of friction: .65Driver Attention: YesEtc. Vehicle type: Cadillac XLRCurb weight: 3,547 lbsSpeed: 75 mphAcceleration: + 20m/sec^2Coefficient of friction: .65Driver Attention: YesEtc. Alert Status: None Alert Status: None Alert Status: Inattentive Driver on Right Alert Status: Slowing vehicle ahead Alert Status: Passing vehicle on left Vehicle type: Cadillac XLRCurb weight: 3,547 lbsSpeed: 45 mphAcceleration: - 20m/sec^2Coefficient of friction: .65Driver Attention: NoEtc. Vehicle type: Cadillac XLRCurb weight: 3,547 lbsSpeed: 75 mphAcceleration: + 10m/sec^2Coefficient of friction: .65Driver Attention: YesEtc. Alert Status: Passing Vehicle on left
V2V for Efficient Navigation • GPS Based Navigators • Dash Express (just came to market in 2008): • Synergy between Navigator Server and Dept of Transp
Location relevant content delivery • Traffic information • Local attractions • Tourist information, etc CarTorrent : cooperative download of location multimedia files
You are driving to VegasYou hear of this new show on the radioVideo preview on the web (10MB)
One option: Highway Infostation download Internet file
Incentive for opportunistic “ad hoc networking” Problems: Stopping at gas station for full download is a nuisance Downloading from GPRS/3G too slow and quite expensive 3G broadcast services (MBMS, MediaFLO) only for TV Observation: many other drivers are interested in download sharing Solution: Co-operative P2P Downloading via Car-Torrent (like Bit Torrent in the Internet)
CarTorrent: Basic Idea Internet Download a piece Outside Range of Gateway Transferring Piece of File from Gateway
Co-operative Download: Car Torrent Internet Vehicle-Vehicle Communication Exchanging Pieces of File Later
Car Torrent inspired by BitTorrent: Internet P2P file downloading Uploader/downloader Uploader/downloader Uploader/downloader Tracker Uploader/downloader Uploader/downloader
Simulation Results • Completion time density 200 nodes40% popularity Time (seconds)
Vehicles as Mobile Sensor Platforms • Environment • Traffic density/congestion monitoring • Urban pollution monitoring • Pavement, visibility conditions • Civic and Homeland security • Forensic accident or crime site investigations • Terrorist alerts
Accident Scenario: storage and retrieval • Public/Private Cars (eg, busses, taxicabs, police, commuters, etc): • Continuously collect images on the street (store data locally) • Process the data and detectan event • Classify the event asMeta-data(Type, Option, Loc, time,Vehicle ID) • Distribute Metadata to neighbors probabilistically (ie, “gossip”) • Police retrieve data from public/private cars Meta-data : Img, -. (10,10), V10
HREP HREQ Mobility-assisted Meta-data Diffusion/Harvesting Agent harvests a set of missing meta-data from neighbors Periodical meta-data broadcasting + Broadcasting meta-data to neighbors + Listen/store received meta-data
How to store/retrieve the Metadata? Several options: • Upload to nearest Access Point (Dash Express; Cartel project, MIT) • “Flood” data to all vehicles (eg, bomb threat) • Publish/subscribe model: publish to a mobile server (eg, an “elected”vehicle) • Distributed Hash Tables (eg, Virtual Ring Routing - Sigcomm 06) • “Epidemic diffusion” -> our proposed approach
MobEyes: Mobility-assisted Diffusion/Harvesting • Mobeyes exploit “mobility” to disseminate meta-data! • Source periodically broadcasts meta-data to neighbors • Only source advertises meta-data to neighbors • Neighbors store advertisements in their local memory • Drop stale data • A mobile agent (the police) harvests meta-data from vehicles by actively querying them (with Bloom filter)
Simulation Experiment • Simulation Setup • NS-2 simulator • 802.11: 11Mbps, 250m tx range • Average speed: 5 to 25 m/s • Mobility Models • Random waypoint (RWP) • Real-track model (RT) : • Group mobility model • merge and split at intersections • Westwood map
Higher mobility decreases harvesting delay Number of Harvested Summaries Time (seconds) Meta-data harvesting delay with RWP V=25m/s V=5m/s
Number of Harvested Summaries Time (seconds) Harvesting Results with “Real Track” • Restricted mobility results in larger delay V=25m/s V=5m/s
Urban Surveillance via CCTV • In urban areas, the first line of defense has traditionally been fixed video cameras • Chicago, the leader in the US: • 2,000 remote-control cameras and motion-sensing software are planned to spot crimes or terrorist acts • 1,000 already installed at O'Hare International Airport • A few links below: • 1. http://www.usatoday.com/news/nation/2004-09-09-chicago-surveillance_x.htm • 2. http://www.securityinfowatch.com/online/The-Latest/Chicago-to-Increase-Presence-of-Surveillance-Cameras-on-Streets/9578SIW306 • 3. http://blog.publiceye.silkblogs.com/City-of-Chicago.1771.category
Emerging City Wide Surveillance Systems With 4 millions CCTV cameras around the country, Britain is to become the first country in the world where the movements of all vehicles on the roads are recorded. Jennifer Carlile, MSNBC CHICAGO — A surveillance system that uses 2,000 remote-control cameras and motion-sensing software to spot crimes or terrorist acts as they happen is being planned for the city. Debbie Howlett, USA TODAY
Urban Defense - Britain • More than 4 million CCTV cameras operating around the country: • Britain has more video surveillance than anywhere else in the world. • 96 cameras at Heathrow airport, 1,800 in train stations, • 6,000 on the London Underground, • 260 around parliament, • 230 used for license plate recognition in the city center, and the dozens surveying West End streets. • In London it's said that the average resident is viewed by 300 cameras a day. • References http://www.msnbc.msn.com/id/5942513 http://news.independent.co.uk/uk/transport/
CCTV Limitations • CCTV surveillance has benefits: • Data centrally collected via high speed wired infrastructure • High resolution video enables face recognition • However: • Cameras cannot be installed at all locations • Cameras can be taken out (avoided) by terrorists • Central data collection facility can be sabotaged • Mobile video collection/storage platforms: • Vehicles, People, Robots • Cannot be predicted, avoided, sabotaged • Mobile “eyes” are an excellent complement to CCTV
Terrorist Bomb Van Tracking • The American Embassy in Paris has been bombed by a suicide truck • Police wants to reconstruct the approach path to uncover possible “escort” vehicles - eg conspirators who guided the VAN until the last few minutes before the attack • Street Video cameras may not be dense enough - they may also be “avoided” by motivated terrorists • Proposed solution: forensic investigation of civilian vehicles (unconscious witnesses)
Simulated Urban Scenario • Each car reads a license plate every 2 s; it generates a 60 record summary every 120 s. • Each car continually transmits (every few seconds) own last summary (no forwarding of summaries received by other cars) • Average car speed: 5 to 25 m/s • Mobility Model: Random waypoint (RWP) • Westwood map • Data Harvesting: 100 cars are “interrogated” by single agent immediately after the attack
Attack Scenario map (Westwood) Embassy
Uncovered time gap per monitored node Agent monitors 100 nodes to extract their traces Looking for “conspirators”
Actual vs monitored trajectory START Embassy Sample points collected by agent for the “worst” vehicle (ie, 200 s gap)
How secure must vehicle apps be? Safe navigation: Forward collision warning Advisories to other vehicles: ice on bridge, congestion ahead, etc • Non safety applications • Traffic monitoring (with navigator) • Pollution probing • Pavement conditions (e.g., potholes) • Content distribution • Urban surveillance Forward Collision Warning Potholes • Primary security goals: • Message integrity, secrecy and authentication • Detect misuse by naïve or malicious drivers. • Guarantee message sender privacy
Vehicular Security requirements Sender authentication Verification of data consistency Protection from Denial of Service Non-repudiation Privacy Challenge: Real-time constraint
New security requirements for urban dissemination/sensing Dissemination must be selective, private : • Example #1: A driver wants to alert all taxicabs of company A on Washington Street between 10-11pm that convention attendees need rides • Example #2: A Police Agent has detected a dangerous radiation leak: • He selectively warns private cars in the radiation area ONLY (to avid panic and chaos!) • He alerts ALL paramedics and firemen in a larger surrounding area • Example #3: FBI broadcast request to participating cars to look for specific drivers • Operation is covered; also only vehicles with proper equipment and going in a specific direction should be “volunteered”
Situation Aware Trust (SAT)critical for “selective” dissemination Situation? • Attribute based Trust • Situation elements are encoded into • some attributes • Static attributes (affiliation) • Dynamic attributes (time and place) time place affiliation Attributes bootstrapped by social networks Dynamic attributes can be predicted • Social Trust • Bootstrap initial trust • Transitive trust relations • Proactive Trust • predict dyn attributes based on mobility and location service • establish trust in advance An attribute based situation example: Yellow Cab ANDTaxi AND Washington Street AND10-11pm 8/22/08
Security: attributes and policy group A driver wants to alert all taxicabsof company A on Washington Streetbetween 10-11pmthatconvention attendees need rides Central Key Master Extension of Attribute based Encryption (ABE) scheme [IEEE S&P 07] to incorporate dynamic access tree Attribute (companyA AND taxi AND Washington St. AND 10-11am) Ciphertext Receivers who satisfy those encoded attributes (have the corresponding private key) can decrypt the message Extended ABE Module plaintext Signature
Attribute-Based Encryption(ABE) • Encrypt Data with descriptive “Attributes” • Users’ Private Keys reflect Attributes and Decryption Policies • Based on Identity based Encryption and Secret Sharing; no need for “published key” (as in PKI) as long as the “attribute based policy” is known Encrypt w/attributes sender receiver CA/PKG 56 Authority is offline master-key
Access Control via Situation-aware Policy Tree AND AND companyA 10-11 am Washington St. MSK= Master Secret Key Authority Sandra the sender SKSarah: “companyA” “10:30am” “Washtington St.” SKKevin: “companyA” “10: 20 am” “Westwood” 57
Social Trust to overcome failures How are you? People like to socialize => Social trust Leader • Future work: • establish social networks securely (eg authentication of social graph) • incorporate social relations into SAT: social network => dynamic attributes • Suppose infrastructure fails, e.g., Road Side Unit is attacked/destroyed • Social network helps maintain trust • People gang up into communities • Elected Leader plays role of RSU • ie, becomes MASTER and constructs policy group (ie, Attribute Tree) • Mobile users are situation aware • ABE based Authenticate and encrypt
C-VeTCampus - Vehicular Testbed E. Giordano, A. Ghosh, G. Marfia, S. Ho, J.S. Park, PhD System Design: Giovanni Pau, PhD Advisor: Mario Gerla, PhD
The Plan • We plan to install our node equipment in: • 30 Campus operated vehicles (including shuttles and facility management trucks). • Exploit “on a schedule” and “random” campus fleet mobility patterns • 30 Commuting Vans: Measure urban pollution, traffic congestion etc • 12 Private Vehicles: controlled motion experiments • Cross campus connectivity using 10 node Mesh (Poli Milano).
C-VeT Goals Provide: • A shared virtualized environment to test new protocols and applications • Full Virtualization • MadWiFi Virtualization (with on demand exclusive use) • Multiple OS support (Linux, Windows). Allow: • Collection of mobility traces and network statistics • Provide a platform for Urban Sensing, Geo routing etc • Deployment of innovative V2V/V2I applications
Preliminary Experiments • Equipment: • 6 Cars roaming the UCLA Campus • 802.11g radios • Routing protocol: OLSR • 1 EVDO interface in the Lead Car • 1 Remote Monitor connected to the Lead Car through EVDO and Internet • Experiments: • Connectivity map computed by OLSR • Azureus P2P application