Securing Public Spaces with Sensor Networks: Science, Technology, and Privacy Stephen Wicker Cornell University
TRUST Activity
• TRUST is engaged in the development of embedded secure sensor networks
• Integrated center R&D at all levels
  • Sensor Technology
  • Networks
  • Applications
  • Policy/Legal Issues
• Activity at several member schools and Oak Ridge is being merged into capstone projects
• Goal: demonstration technologies and implemented policies
Sensors for Bio-Defense
• Bi-layer lipid membrane used to create designer bio-sensors
• When the target analyte binds to the protein, ion channel conductivity increases
• Currently considering use in water supply protection
• Sensor performance statistics used to define networking requirements
• Outside player: NY Dept. of Health / Wadsworth Laboratories
Long-Term Power Sources for Embedded Sensors
• Radiation-powered batteries for embedded sensor platforms
• Radio-isotopes offer the possibility of a 50-year life with a continuous power density of 1-10 mA/cm³
• SiC-based beta-voltaic cell has been developed and tested
• Best measured power density for a Ni-63 source: 5.6 nW/cm² at 4.4% efficiency
• Best measured power density for a tritium source: ~1 µW/cm² at 10% efficiency
Sensor Platform Technologies
• CU asynchronous processor
  • Event-driven execution is ideal for sensor platforms
  • Clockless logic: spurious signal transitions (wasted power) are eliminated
  • Hardware is only active if it is used for the computation
• MIPS: high performance
  • 24 pJ/instruction and 28 MIPS at 0.6 V
Designer OS for Sensor Networks
• TinyOS
  • Large, active open source community: 500 research groups worldwide
  • OEP for DARPA Network Embedded Systems Technology
  • Thousands of active implementations: the world's largest (distributed) sensor testbed
• MagnetOS: provide a unifying single-system-image abstraction
  • The entire network looks like a single Java virtual machine
  • MagnetOS performs automatic partitioning: converts applications into distributed components that communicate over a network
  • MagnetOS provides transparent component migration: moves application components within the network to improve performance metrics
(Figure: MagnetOS Rewriter)
Sextant: Node Localization
• Use of large numbers of randomly distributed nodes creates the need to discover geographic location
• GPS is bulky, expensive, power-hungry
• Set up a set of geographic constraints and solve it in a distributed fashion
  • Aggressively extract constraints
  • Use just a few landmarks (e.g. GPS nodes) to anchor the constraints
• Can determine node location with good accuracy, without GPS or other dedicated hardware
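The constraint-solving idea on this slide, as an added example that is not Sextant's own code: each node that hears a GPS landmark must lie inside that landmark's radio disc, each node that does not hear it must lie outside, and node-to-node links add the same two kinds of constraint against the other node's (still uncertain) region. Regions are represented here as sets of grid points and pruned until nothing changes; Sextant itself uses a compact geometric representation and runs distributed, so the grid, the field size, the uniform range R and the three-landmark/three-node deployment are all assumptions constructed for the demo.

```python
import math

R = 10.0                       # nominal radio range, assumed equal for every node
AREA = (0.0, 0.0, 30.0, 30.0)  # deployment field: x_min, y_min, x_max, y_max
STEP = 1.0                     # grid resolution used to represent feasible regions

# Constructed deployment: three GPS landmarks and three nodes without GPS.
LANDMARKS = {"L1": (0.0, 0.0), "L2": (20.0, 0.0), "L3": (10.0, 18.0)}
TRUE_POS = {"n1": (8.0, 5.0), "n2": (14.0, 6.0), "n3": (11.0, 13.0)}

def grid():
    x0, y0, x1, y1 = AREA
    nx, ny = int((x1 - x0) / STEP) + 1, int((y1 - y0) / STEP) + 1
    return [(x0 + i * STEP, y0 + j * STEP) for i in range(nx) for j in range(ny)]

def links(positions, r=R):
    """Symmetric connectivity derived from ground truth; it is the only input the solver sees."""
    ids = list(positions)
    return {(a, b) for a in ids for b in ids
            if a != b and math.dist(positions[a], positions[b]) <= r}

def localize(landmarks, unknown, conn, r=R, rounds=10):
    # 1. Landmark constraints: hearing L puts a node inside disc(L, r); silence puts it outside.
    feasible = {}
    for n in unknown:
        feasible[n] = [p for p in grid()
                       if all((math.dist(p, lp) <= r) == ((n, lid) in conn)
                              for lid, lp in landmarks.items())]
    # 2. Node-to-node constraints, propagated until no region shrinks. Both pruning
    #    rules are sound: the true position is never removed from its region.
    for _ in range(rounds):
        changed = False
        for a in unknown:
            for b in unknown:
                if a == b:
                    continue
                if (a, b) in conn:
                    # a is within r of b's true position, hence within r of some point b may occupy
                    keep = [p for p in feasible[a]
                            if any(math.dist(p, q) <= r for q in feasible[b])]
                else:
                    # a is outside r of b's true position, so a point within r of every
                    # place b may occupy cannot be a
                    keep = [p for p in feasible[a]
                            if not all(math.dist(p, q) <= r for q in feasible[b])]
                if len(keep) < len(feasible[a]):
                    feasible[a], changed = keep, True
        if not changed:
            break
    return feasible

def estimate(region):
    """Point estimate: centroid of the feasible region."""
    return (sum(p[0] for p in region) / len(region), sum(p[1] for p in region) / len(region))

def demo(rounds=10):
    """Returns {node: (estimate, error vs. constructed truth, region size in grid points)}."""
    conn = links({**LANDMARKS, **TRUE_POS})
    feasible = localize(LANDMARKS, list(TRUE_POS), conn, rounds=rounds)
    return {n: (estimate(reg), math.dist(estimate(reg), TRUE_POS[n]), len(reg))
            for n, reg in feasible.items()}

if __name__ == "__main__":
    for n, (est, err, size) in demo().items():
        print(f"{n}: est=({est[0]:.1f}, {est[1]:.1f}) err={err:.1f} region={size} cells")
```

Running `demo(rounds=0)` gives the landmark-only regions; the node-to-node pass shrinks every region and pulls each estimate toward the truth, which is the "aggressively extract constraints" point on the slide. The same soundness argument is also the security caveat: a node that lies about its connectivity (claims to hear a landmark it cannot) injects a false constraint and can empty or displace its neighbours' regions, so in an adversarial deployment the link reports themselves need authentication.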
SHARP: Hybrid Routing Protocol
• Two extremes in routing
  • Proactive: disseminate routes regardless of need
  • Reactive: discover routes when necessary
  • Neither is optimal for dynamic sensor networks
• SHARP adaptively finds the balance point between reactive and proactive routing
• Enables multiple nodes in the network to optimize the routing layer for different metrics
• Outperforms purely reactive and proactive approaches across a range of network conditions
Self-Configuration at all Levels
• Motivations for game theory / mechanism design
  • Efficiency: ability of market-based distributed control mechanisms to move complex networks toward optimal operating points
  • Scalability: distributed decision-making is inherent in market settings
  • Interaction and decisions are local, obviating the need for a global perspective (which is both memory- and computationally-intensive)
• Critical tools: equilibrium concepts, utility-based decision making, and bargaining
• ECE, CS, and Economics at several schools
Securing the Sensor Network
• Key thrust at CMU
• Secure building blocks
  • Secure key distribution
  • Secure node-to-node and broadcast communication
  • Secure routing
  • Secure information aggregation
  • Real-time aspects and security
• Secure middleware
• Secure information processing
  • Sensing biometrics
  • Sensor database processing
  • Internet-scale sensor networks
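One concrete form of the "secure broadcast communication" building block listed above, as an added example that is not code from this talk or from the CMU thrust: a delayed-key-disclosure scheme in the style of μTESLA (Perrig et al.), which gives a base station authenticated broadcast using only symmetric primitives that fit a sensor node. The base station commits to the end K_0 of a one-way key chain, MACs the packets of interval i with K_i, and discloses K_i a fixed number of intervals later; nodes buffer packets until the key arrives, verify the disclosed key by hashing back to the last key they trust, and only then check the buffered MACs. The interval numbering, chain length, truncated key/MAC sizes, the `BaseStation`/`Node` classes and the two forgery attempts in `demo()` are all constructed for this example.

```python
import hashlib
import hmac
import os

KEY_LEN = 16   # keys and MACs are truncated: sensor radios carry small frames (assumed sizes)
MAC_LEN = 8

def f(key: bytes) -> bytes:
    """One-way function used to build the key chain: K_(i-1) = f(K_i)."""
    return hashlib.sha256(b"utesla-chain|" + key).digest()[:KEY_LEN]

def mac(key: bytes, interval: int, payload: bytes) -> bytes:
    return hmac.new(key, interval.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:MAC_LEN]

class BaseStation:
    """Broadcaster: owns the whole chain and discloses K_i 'delay' intervals after using it."""
    def __init__(self, seed: bytes, chain_len: int, delay: int):
        chain = [seed]
        for _ in range(chain_len):
            chain.append(f(chain[-1]))
        self.keys = chain[::-1]          # keys[0] = K_0 (public commitment), keys[i] = K_i
        self.delay = delay

    def commitment(self) -> bytes:
        return self.keys[0]

    def broadcast(self, interval: int, payload: bytes) -> dict:
        j = interval - self.delay
        return {"i": interval, "payload": payload,
                "mac": mac(self.keys[interval], interval, payload),
                "disclosed": (j, self.keys[j]) if j >= 1 else None}

class Node:
    """Receiver: knows only K_0 at deployment; buffers packets until their key is disclosed."""
    def __init__(self, commitment: bytes, delay: int):
        self.keys = {0: commitment}
        self.latest = 0                  # index of the newest verified key
        self.delay = delay
        self.pending, self.accepted, self.rejected = [], [], []

    def receive(self, pkt: dict, now: int) -> None:
        i = pkt["i"]
        # Security condition: buffer a packet only if K_i cannot have been disclosed yet.
        # Once interval i+delay has started, anyone who overheard K_i can forge this MAC,
        # so such packets are dropped unverified (loose time sync between nodes is what
        # makes this check meaningful).
        if now >= i + self.delay or i <= self.latest:
            self.rejected.append((i, pkt["payload"], "key may already be public"))
        else:
            self.pending.append(pkt)
        if pkt["disclosed"] is not None:
            self.learn_key(*pkt["disclosed"])

    def learn_key(self, j: int, key: bytes) -> bool:
        """Verify a disclosed K_j against the last trusted key, then authenticate buffered packets."""
        if j <= self.latest:
            return False
        candidate, k = {}, key
        for m in range(j, self.latest, -1):   # walk the chain back to K_latest (recovers lost keys too)
            candidate[m] = k
            k = f(k)
        if not hmac.compare_digest(k, self.keys[self.latest]):
            return False                      # forged or corrupted disclosure: ignore it
        self.keys.update(candidate)
        self.latest = j
        still_pending = []
        for p in self.pending:
            if p["i"] > j:
                still_pending.append(p)
            elif hmac.compare_digest(p["mac"], mac(self.keys[p["i"]], p["i"], p["payload"])):
                self.accepted.append((p["i"], p["payload"]))
            else:
                self.rejected.append((p["i"], p["payload"], "bad MAC"))
        self.pending = still_pending
        return True

def demo():
    """Constructed run: six legitimate intervals plus two forgery attempts by an eavesdropper."""
    delay = 2
    bs = BaseStation(seed=bytes.fromhex("00112233445566778899aabbccddeeff"), chain_len=16, delay=delay)
    node = Node(bs.commitment(), delay)
    payloads = {1: b"status:ok", 2: b"temp=21C", 3: b"status:ok",
                4: b"door:open", 5: b"status:ok", 6: b"status:ok"}
    for i in range(1, 7):
        pkt = bs.broadcast(i, payloads[i])
        if i == 3:
            node.receive(pkt, now=i)
            # Attack 1: K_1 was just disclosed; reuse it to forge an "old" packet.
            k1 = pkt["disclosed"][1]
            forged = {"i": 1, "payload": b"alarm:evacuate",
                      "mac": mac(k1, 1, b"alarm:evacuate"), "disclosed": None}
            node.receive(forged, now=i)
            continue
        if i == 4:
            # Attack 2: guess a key for the current interval and attach a fake disclosure of K_2.
            forged = {"i": 4, "payload": b"door:locked",
                      "mac": mac(os.urandom(KEY_LEN), 4, b"door:locked"),
                      "disclosed": (2, os.urandom(KEY_LEN))}
            node.receive(forged, now=i)
        node.receive(pkt, now=i)
    return bs, node

if __name__ == "__main__":
    _, node = demo()
    print("accepted:", node.accepted)
    print("rejected:", node.rejected)
```

The first forgery carries a valid MAC and is still rejected, purely on timing: the node knows K_1 is public by interval 3. The second is caught later when the genuine K_4 arrives and the MAC fails, while its fake K_2 never chains back to a trusted key and is discarded. The cost is buffering and a disclosure delay, which is the "real-time aspects and security" tension listed on the slide.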
Application: Security in Public Spaces
• The July 2005 London bombings highlight the need for sensors in public places
  • Also the extent of ongoing surveillance
  • See also the Tokyo gas attacks, etc.
• More modern infrastructure in most US urban settings creates opportunities
Sensor Networks in Public Places
• Protecting infrastructure
  • Opportunities for embedding sensor networks
    • Transportation
    • Storage and delivery of water and fuel
    • Power grid
  • TRUST is emphasizing development of supporting technology for randomly distributed sensors
• Buildings
  • Combine surveillance with energy control
  • Integrate into building materials
• Open spaces (parks, plazas, etc.)
  • Combine surveillance with environmental monitoring
  • Line-of-sight surveillance technologies
Oak Ridge/SensorNet
(Figure: SensorNet architecture, from a single domain through regional-level network services to multiple domains and the National Warning and Alert System)
Transportation-Based Threat Assessment Demonstration
• Establish truck RAD profile
• Predict manifest RAD profile
• Fuse external data sources
• Compare with past scans
• Determine if acceptable
  • Trucks can bypass
• Mobile system under development
  • Rapidly deployable
  • Low profile
  • Integrated into law enforcement
Privacy Issues Arise*…
• Technology leaves policy behind
  • Internet-controllable cameras in Berkeley plaza
  • Kyllo case
• Many sensor networks collect personally identifiable information (PII)
  • (Intended) Monitoring activities of the elderly so they can safely live at home
  • Network of highway monitors that can sense FasTrak transponders in automobiles
  • (Unintended) Sensing persons in buildings as a side effect of embedded sensing for disaster preparedness or lighting control
• Comprehensive information privacy regulations in the EU and other countries, but not in the US
*Thanks to P. Samuelson, D. Mulligan, Boalt School of Law
Constitutional Boundaries?
• US v. Miller: persons have no protectable privacy interest in data about them held by third parties
  • e.g., images of personal checks held by banking institutions
  • Sensor network data will be in the hands of others
• Kyllo v. US: use of heat-sensing technology violated the Fourth Amendment (5-4 decision)
  • "[W]here, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant." (Justice Scalia)
  • The "observations were made with a fairly primitive thermal imager that gathered data exposed on the outside of [Kyllo's] home but did not invade any constitutionally protected interest in privacy," and were thus "information in the public domain." (Justice Stevens, in dissent)
Policy Development
• Extend Fair Information Practices
  • Limitations on collection of data (only get what you need); destroy data after the need is fulfilled
  • Right to collect data for a specific purpose only (to reuse it for another purpose, you have to get new permission)
  • Notice of data collection/purpose, and consent
  • Obligations to keep data accurate and secure
  • Subject has the right of access to check data accuracy and insist on changes
  • Accountability if data is incorrect or disclosed
TRUST Capstone Projects
• Integrate science, technology, and policy
• Oak Ridge SensorNet project
  • Balancing security against privacy
  • Issues: limiting acuity to meet security needs only
• Remote Sensing/Medical Portal project
  • Remote monitoring of cardiac patients
  • Issues: privacy-aware transport, variable levels of access
• Museum project
  • Expressive AI projects using sensors to monitor patrons at public demonstrations
  • Issues: minimization of acuity, single use, notification
• Policy development
  • Cross-cutting effort to refine best practices in light of new and future sensor technologies
Security Thrusts
• Develop a taxonomy of attacks
  • Attacks with and without defined defenses
  • Generic basis on which to evaluate new networks
• Characterizing worst-case results
  • Statistical learning proposed as a means for determining what can be inferred from data
  • One basis for evaluating privacy concerns
  • Ties into the privacy road map
Privacy Thrusts
• Noted that policy instruments lag technology development
• Proposed development of a Privacy Road Map that will front-load policy development
  • Map sensor capabilities and network mission into deployment and data-use rules
  • Key near-term: RFIDs, broad-based visual surveillance
  • Raises the issue of the impact of network configuration and heterogeneity on the road map
• Approach: extend fair information practices to cover sensor nets at the regulatory or legislative level
  • Consent enablement is an important issue