Opportunistic Sensing: Security Challenges for the New Paradigm Apu Kapadia MIT Lincoln Laboratory David Kotz Dartmouth College Nikos Triandopoulos Boston University Michael Betancourt UCF - EEL 6788 Dr. Turgut Overview 1. Introduction 2. Urban Sensing Examples 3. Applications Examples 4. Security Challenges a. Confidentiality and Privacy Issues b. Integrity Issues c. Availability Issues d. Challenges in Participatory Sensing 5. Conclusion Introduction • Opportunistic people centric sensing o Small devices carried by people that sense information o Direct or indirect relation to human activity o Environmental conditions • Advantages o Leverage millions of devices o No need to manually deploy o Highly mobile and accessible • Disadvantages o High risks in security o Data integrity Urban Sensing Examples CarTel • Maps traffic patterns BikeNet • Bicycle network infrastructure CenceMe • User activity social networking CarTel Interface CenceMe Interface BikeNet Interface Application Examples • Urban data collection and processing o Large scale online data collection o Being able to locate lost objects o Measuring the flow of bicycles in an urban center • Environmental monitoring at the human level o Optimize energy usage for heating and cooling o Personal Environmental Impact Report Security Challenges Overview Challenges 1. Context privacy 2. Anonymous tasking 3. Anonymous data reporting 4. Reliable data readings 5. Data authenticity 6. System integrity 7. Preventing data suppression 8. Participation 9. Fairness Confidentiality and Privacy Issues Context Privacy Problems • It is cumbersome for users to specify fine grain policies • Once the data is on the server who can access the h/w Solutions • Virtual walls o Group settings in categories o Only information outside the wall can be seen • Faces o Data changes according to who is viewing • Future Research o Determining what data can be used without being able to infer other data o Grabbing only enough data for application purpose without sacrificing usability Confidentiality and Privacy Issues Anonymous Tasking Problems • By tasking specific users it is possible to gain personal information • Determining reliability of participants could reduce anonymity Solutions • Tasking Service o Users download all tasks and selectively choose which to do • Attribute based authentication o Users reveal only their attributes Confidentiality and Privacy Issues Masking Users' Location • Blind Tasking • Transfer data to other nodes before uploading o Overall routing structure must be protected o Data needs to be encrypted to not be intercepted • Hitchhiking o Only include characteristics about location o Disadvantageous for limited popularity • Introduce blur and random jitter o Decreases accuracy o Amount of error needs to be constrained • Automatic Spatiotemporal Blurring o Generalize location through large geographical tiles o Only upload data when enough sets are available Integrity Issues Reliable Data Storage Problems • Any participant with an appropriately configured device can report falsified data • Devices are controlled by users • Incentives to mask private information Solutions • Redundancy o Task cloning o Fixed sensor ground truth • Game Theory o Reputation based system Integrity Issues Data Authenticity Problems • Tampered data during transit • Current schemes correspond to fixed sensors where there is a stable topological tree that spans sensors Solutions • Cryptographoically enhanced error-correcting techniques o Encrypted data that shows if it has been tampered with • Group signatures o Allows multiple groups to use a single verifying signature o Cracked signatures and be redistributed without taking down the entire infrastructure Integrity Issues System Integrity Problems • Tasks need to have their source verified • Data received needs to be accurate and temporally relevant Solutions • Task specific languages • Secure crytographic states o Provide topological, temporal and userrelated parameters to validate the information received. Availability Issues Preventing Data Suppression • Denial of Service (DoS) due to devices ignoring task requests • Network availability of devices • Data consuming applications could be killed by users • If users are unable to control the data access, they are less likely to carry the device or permit tasks to be performed Distributed DoS (DDoS) Attack Availability Issues Participation Problems • Users must have incentives to gain mass participation • Difficult to convince giving away private information with little to no benefit Solutions • Convenience is key to appeal • Provide incentives that are compatible with users' needs and interests • Privacy-aware hybrid payoff model o Beneficial services vs privacy loss they experience Availability Issues Fairness • People centric applications provide direct benefits to users • Users will try to cheat to gain better service for themselves o Tasking others to complete their tasks o Not contributing back to the community BitTorrent Inc. Logo Battlefield 2142 Cover Art Challenges in Participatory Sensing • Users are tasked and have to manually partake in gathering information • Additional security challenges arise as the user may leak more information than the task specifies o Taking a picture of a menu on a table • Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the task o Ratings of a restaurant 4 Rivers Smokehouse Google User Review Conclusion • Opportunistic people centric sensing • Most applications contain personal information • Securing that information becomes key o Providing a service that people would want to participate o Keepings users data secure as to not be harmed o Even obscuring the data may not be enough for complete anonymity • Participatory sensing needs additional security thought • Questions?