Opportunistic Sensing: Security Challenges for the New Paradigm

Michael Betancourt
UCF - EEL 6788
Dr. Turgut

Apu Kapadia, MIT Lincoln Laboratory
David Kotz, Dartmouth College
Nikos Triandopoulos, Boston University



Overview

1. Introduction
2. Urban Sensing Examples
3. Applications Examples
4. Security Challenges
     a. Confidentiality and Privacy Issues
     b. Integrity Issues
     c. Availability Issues
     d. Challenges in Participatory Sensing
5. Conclusion

Introduction

• Opportunistic people centric sensing
    o Small devices carried by people that sense information
    o Direct or indirect relation to human activity
    o Environmental conditions

• Advantages
    o Leverage millions of devices
    o No need to manually deploy
    o Highly mobile and accessible

• Disadvantages
    o High risks in security
    o Data integrity

Urban Sensing Examples

CarTel
• Maps traffic patterns

BikeNet
• Bicycle network infrastructure

CenceMe
• User activity social networking

[Figures: CarTel Interface, BikeNet Interface, CenceMe Interface]

Application Examples

• Urban data collection and processing
    o Large scale online data collection
    o Being able to locate lost objects
    o Measuring the flow of bicycles in an urban center

• Environmental monitoring at the human level
    o Optimize energy usage for heating and cooling
    o Personal Environmental Impact Report

Security Challenges Overview

Challenges
1. Context privacy
2. Anonymous tasking
3. Anonymous data reporting
4. Reliable data readings
5. Data authenticity
6. System integrity
7. Preventing data suppression
8. Participation
9. Fairness

Confidentiality and Privacy Issues
Context Privacy

Problems
• It is cumbersome for users to specify fine-grained policies
• Once the data is on the server, who can access the h/w

Solutions
• Virtual walls
    o Group settings in categories
    o Only information outside the wall can be seen
• Faces
    o Data changes according to who is viewing
• Future Research
    o Determining what data can be used without being able to infer other data
    o Grabbing only enough data for application purpose without sacrificing usability

Confidentiality and Privacy Issues
Anonymous Tasking

Problems
• By tasking specific users it is possible to gain personal information
• Determining reliability of participants could reduce anonymity

Solutions
• Tasking Service
    o Users download all tasks and selectively choose which to do
• Attribute based authentication
    o Users reveal only their attributes

Confidentiality and Privacy Issues
Masking Users' Location

• Blind Tasking
• Transfer data to other nodes before uploading
    o Overall routing structure must be protected
    o Data needs to be encrypted to not be intercepted
• Hitchhiking
    o Only include characteristics about location
    o Disadvantageous for limited popularity
• Introduce blur and random jitter
    o Decreases accuracy
    o Amount of error needs to be constrained
• Automatic Spatiotemporal Blurring
    o Generalize location through large geographical tiles
    o Only upload data when enough sets are available
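The spatiotemporal blurring idea above, sketched as an added example that is not part of the original slides. The tile size, time window, threshold `K`, and the reading of "enough sets" as "reports from at least K distinct devices" are all assumptions made for illustration.

```python
import math
from collections import defaultdict

TILE_DEG = 0.01   # assumed tile edge in degrees (roughly 1 km)
WINDOW_S = 300    # assumed time-bucket length in seconds
K = 3             # assumed minimum number of distinct devices per released cell

def cell(lat, lon, ts):
    """Generalize a precise reading to a (tile_row, tile_col, time_bucket) cell."""
    return (math.floor(lat / TILE_DEG), math.floor(lon / TILE_DEG), ts // WINDOW_S)

def blur_and_release(reports, k=K):
    """reports: iterable of (device_id, lat, lon, unix_ts, value).

    Returns {cell: mean value} only for cells that contain reports from at
    least k distinct devices. Device ids and exact coordinates are used for
    counting and bucketing only and never appear in the output.
    """
    devices = defaultdict(set)
    values = defaultdict(list)
    for dev, lat, lon, ts, val in reports:
        c = cell(lat, lon, ts)
        devices[c].add(dev)   # count devices, not reports: one chatty
        values[c].append(val) # device must not satisfy the threshold alone
    return {c: sum(v) / len(v) for c, v in values.items() if len(devices[c]) >= k}

# Constructed sample readings (device, lat, lon, timestamp, noise level in dB).
SAMPLE = [
    ("a", 28.6021, -81.2003, 1000, 61.0),
    ("b", 28.6048, -81.2009, 1100, 63.0),
    ("c", 28.6090, -81.2001, 1190, 65.0),
    ("a", 28.6022, -81.2004, 1120, 62.0),  # repeat from device a, same cell
    ("a", 28.6301, -81.2501, 1150, 70.0),  # lone device in its tile: suppressed
]

if __name__ == "__main__":
    for c, mean in blur_and_release(SAMPLE).items():
        print(c, mean)
```

Counting distinct devices rather than raw reports is what keeps a single participant from being singled out in a sparsely visited tile; the cost is that data from such tiles is withheld.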

Integrity Issues
Reliable Data Storage

Problems
• Any participant with an appropriately configured device can report falsified data
• Devices are controlled by users
• Incentives to mask private information

Solutions
• Redundancy
    o Task cloning
    o Fixed sensor ground truth
• Game Theory
    o Reputation based system
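How task cloning, fixed-sensor ground truth and a reputation score can fit together, as an added example that is not from the original slides. The tolerance, the +1/-1 scoring rule and all names are assumptions chosen for illustration.

```python
from statistics import median

TOLERANCE = 2.0  # assumed: max accepted deviation from the reference value

def score_cloned_task(readings, reputation, ground_truth=None, tol=TOLERANCE):
    """readings: {device_id: value} returned for one task cloned to several devices.
    reputation: {device_id: int}, updated in place (+1 consistent, -1 outlier).
    ground_truth: reading from a fixed, trusted sensor for the same task, if any.
    Returns (accepted_value, sorted outlier ids)."""
    if not readings:
        raise ValueError("no readings for task")
    # Prefer the fixed sensor; fall back to the median of the cloned readings.
    if ground_truth is not None:
        reference = ground_truth
    else:
        reference = median(readings.values())
    consistent, outliers = [], []
    for dev, val in readings.items():
        if abs(val - reference) <= tol:
            consistent.append(val)
            reputation[dev] = reputation.get(dev, 0) + 1
        else:
            outliers.append(dev)
            reputation[dev] = reputation.get(dev, 0) - 1
    accepted = sum(consistent) / len(consistent) if consistent else ground_truth
    return accepted, sorted(outliers)

# Constructed readings: one device falsifies its temperature report.
HONEST_MAJORITY = {"dev1": 20.0, "dev2": 21.0, "dev3": 35.0}
# Constructed readings: two of three clones report the same falsified value.
FALSE_MAJORITY = {"dev1": 35.0, "dev2": 35.5, "dev3": 20.0}

if __name__ == "__main__":
    rep = {}
    print(score_cloned_task(HONEST_MAJORITY, rep), rep)
    # Median alone follows the false majority; a fixed sensor corrects it.
    print(score_cloned_task(FALSE_MAJORITY, {}))
    print(score_cloned_task(FALSE_MAJORITY, {}, ground_truth=20.5))
```

The second and third calls show the limit of redundancy on its own: cloning only helps while most clones are honest, which is why the slide pairs it with a fixed-sensor reference.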

Integrity Issues
Data Authenticity

Problems
• Tampered data during transit
• Current schemes correspond to fixed sensors where there is a stable topological tree that spans sensors

Solutions
• Cryptographically enhanced error-correcting techniques
    o Encrypted data that shows if it has been tampered with
• Group signatures
    o Allows multiple groups to use a single verifying signature
    o Cracked signatures can be redistributed without taking down the entire infrastructure

Integrity Issues
System Integrity

Problems
• Tasks need to have their source verified
• Data received needs to be accurate and temporally relevant

Solutions
• Task specific languages
• Secure cryptographic states
    o Provide topological, temporal and user-related parameters to validate the information received.

Availability Issues
Preventing Data Suppression

• Denial of Service (DoS) due to devices ignoring task requests
• Network availability of devices
• Data consuming applications could be killed by users
• If users are unable to control the data access, they are less likely to carry the device or permit tasks to be performed

[Figure: Distributed DoS (DDoS) Attack]

Availability Issues
Participation

Problems
• Users must have incentives to gain mass participation
• Difficult to convince users to give away private information with little to no benefit

Solutions
• Convenience is key to appeal
• Provide incentives that are compatible with users' needs and interests
• Privacy-aware hybrid payoff model
    o Beneficial services vs privacy loss they experience

Availability Issues
Fairness

• People centric applications provide direct benefits to users

• Users will try to cheat to gain better service for themselves
    o Tasking others to complete their tasks
    o Not contributing back to the community

[Figures: BitTorrent Inc. Logo, Battlefield 2142 Cover Art]

Challenges in Participatory Sensing

• Users are tasked and have to manually partake in gathering information

• Additional security challenges arise as the user may leak more information than the task specifies
    o Taking a picture of a menu on a table

• Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the task
    o Ratings of a restaurant

[Figure: 4 Rivers Smokehouse Google User Review]

Conclusion

• Opportunistic people centric sensing
• Most applications contain personal information
• Securing that information becomes key
    o Providing a service that people would want to participate in
    o Keeping users' data secure so that they are not harmed
    o Even obscuring the data may not be enough for complete anonymity
• Participatory sensing needs additional security thought
• Questions?