Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

SecurityChallenges

advertisement 
Opportunistic Sensing:
Security Challenges for the New Paradigm
Apu Kapadia
MIT Lincoln Laboratory
David Kotz
Dartmouth College
Nikos Triandopoulos
Boston University
Michael Betancourt
UCF - EEL 6788
Dr. Turgut
Overview
1. Introduction
2. Urban Sensing Examples
3. Applications Examples
4. Security Challenges
a. Confidentiality and Privacy Issues
b. Integrity Issues
c. Availability Issues
d. Challenges in Participatory Sensing
5. Conclusion
Introduction
• Opportunistic people centric sensing
o Small devices carried by people that sense information
o Direct or indirect relation to human activity
o Environmental conditions
• Advantages
o Leverage millions of devices
o No need to manually deploy
o Highly mobile and accessible
• Disadvantages
o High risks in security
o Data integrity
Urban Sensing Examples
CarTel
• Maps traffic patterns
BikeNet
• Bicycle network infrastructure
CenceMe
• User activity social networking
CarTel Interface
CenceMe Interface
BikeNet Interface
Application Examples
• Urban data collection and processing
o Large scale online data collection
o Being able to locate lost objects
o Measuring the flow of bicycles in an urban center
• Environmental monitoring at the human level
o Optimize energy usage for heating and cooling
o Personal Environmental Impact Report
Security Challenges Overview
Challenges
1. Context privacy
2. Anonymous tasking
3. Anonymous data reporting
4. Reliable data readings
5. Data authenticity
6. System integrity
7. Preventing data suppression
8. Participation
9. Fairness
Confidentiality and Privacy Issues
Context Privacy
Problems
• It is cumbersome for users to specify fine grain policies
• Once the data is on the server who can access the h/w
Solutions
• Virtual walls
o Group settings in categories
o Only information outside the wall can be seen
• Faces
o Data changes according to who is viewing
• Future Research
o Determining what data can be used without being able to
infer other data
o Grabbing only enough data for application purpose
without sacrificing usability
Confidentiality and Privacy Issues
Anonymous Tasking
Problems
• By tasking specific users it is possible to gain personal
information
• Determining reliability of participants could reduce
anonymity
Solutions
• Tasking Service
o Users download all tasks and selectively choose which to
do
• Attribute based authentication
o Users reveal only their attributes
Confidentiality and Privacy Issues
Masking Users' Location
• Blind Tasking
• Transfer data to other nodes before uploading
o Overall routing structure must be protected
o Data needs to be encrypted to not be intercepted
• Hitchhiking
o Only include characteristics about location
o Disadvantageous for limited popularity
• Introduce blur and random jitter
o Decreases accuracy
o Amount of error needs to be constrained
• Automatic Spatiotemporal Blurring
o Generalize location through large geographical tiles
o Only upload data when enough sets are available
Integrity Issues
Reliable Data Storage
Problems
• Any participant with an appropriately configured device can
report falsified data
• Devices are controlled by users
• Incentives to mask private information
Solutions
• Redundancy
o Task cloning
o Fixed sensor ground truth
• Game Theory
o Reputation based system
Integrity Issues
Data Authenticity
Problems
• Tampered data during transit
• Current schemes correspond to fixed sensors where there is
a stable topological tree that spans sensors
Solutions
• Cryptographoically enhanced error-correcting techniques
o Encrypted data that shows if it has been tampered with
• Group signatures
o Allows multiple groups to use a single verifying signature
o Cracked signatures and be redistributed without taking
down the entire infrastructure
Integrity Issues
System Integrity
Problems
• Tasks need to have their source verified
• Data received needs to be accurate and temporally relevant
Solutions
• Task specific languages
• Secure crytographic states
o Provide topological, temporal and userrelated parameters to validate the information received.
Availability Issues
Preventing Data Suppression
• Denial of Service (DoS) due to devices ignoring task
requests
• Network availability of devices
• Data consuming applications could be killed by users
• If users are unable to control the data access, they are less
likely to carry the device or permit tasks to be performed
Distributed DoS (DDoS) Attack
Availability Issues
Participation
Problems
• Users must have incentives to gain mass participation
• Difficult to convince giving away private information with little
to no benefit
Solutions
• Convenience is key to appeal
• Provide incentives that are compatible with users' needs and
interests
• Privacy-aware hybrid payoff model
o Beneficial services vs privacy loss they experience
Availability Issues
Fairness
• People centric applications
provide direct benefits to users
• Users will try to cheat to gain
better service for themselves
o Tasking others to complete
their tasks
o Not contributing back to the
community
BitTorrent Inc. Logo
Battlefield 2142 Cover Art
Challenges in Participatory Sensing
• Users are tasked and have to manually partake in gathering
information
• Additional security challenges arise as the user may leak
more information than the task specifies
o Taking a picture of a menu on a table
• Integrity becomes difficult as the user can fabricate sensor
data or not provide the correct results of the task
o Ratings of a restaurant
4 Rivers Smokehouse Google User Review
Conclusion
• Opportunistic people centric sensing
• Most applications contain personal information
• Securing that information becomes key
o Providing a service that people would want to participate
o Keepings users data secure as to not be harmed
o Even obscuring the data may not be enough for complete
anonymity
• Participatory sensing needs additional security thought
• Questions?
Related documents
Urban Sensing Systems: Opportunistic or Participatory?
Urban Sensing Systems: Opportunistic or Participatory?
IAPP presentation - International Association of Privacy Professionals
IAPP presentation - International Association of Privacy Professionals
Maintaining Privacy and Dignity in Care (Fiona Throp)
Maintaining Privacy and Dignity in Care (Fiona Throp)
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
Remote sensing
Remote sensing
Capabilities for Learning About Customers and
Capabilities for Learning About Customers and
trodd_multifaceted_remote_sensin
trodd_multifaceted_remote_sensin
Lecture for Chapter 2.3 (Fall 09)
Lecture for Chapter 2.3 (Fall 09)
Urban Sensing: Opportunistic or Participatory?
Urban Sensing: Opportunistic or Participatory?
Instance Based Social Network Representation
Instance Based Social Network Representation
Webinar Powerpoint presentation
Webinar Powerpoint presentation
Efficient and Privacy-Aware Data Aggregation in Mobile Sensing
Efficient and Privacy-Aware Data Aggregation in Mobile Sensing
Download
advertisement