Opportunistic Sensing: Security Challenges for the New Paradigm Michael Betancourt UCF - EEL 6788 Dr. Turgut Apu Kapadia MIT Lincoln Laboratory David Kotz.

Slides:

Advertisements

Similar presentations

Chris Karlof and David Wagner

Advertisements

Trust Management of Services in Cloud Environments:

By Md Emran Mazumder Ottawa University Student no:

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.

Presented by: Sheekha Khetan. Mobile Crowdsensing - individuals with sensing and computing devices collectively share information to measure and map phenomena.

Location Based Trust for Mobile User – Generated Content : Applications, Challenges and Implementations Presented By : Anand Dipakkumar Joshi USC.

CS 495 Application Development for Smart Devices Mobile Crowdsensing Current State and Future Challenges Mobile Crowdsensing. Overview of Crowdsensing.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL

Lecture 1: Overview modified from slides of Lawrie Brown.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Data - Information - Knowledge

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Karl Aberer, Saket Sathe, Dipanjan Charkaborty, Alcherio Martinoli, Guillermo Barrenetxea, Boi Faltings, Lothar Thiele EPFL, IBM Research India, ETHZ.

Participatory Sensing Huang, Ming-Chun.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

Security Issues In Sensor Networks By Priya Palanivelu.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Urban Sensing Jonathan Yang UCLA CS194 Fall 2007 Jonathan Yang UCLA CS194 Fall 2007.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

DATA SECURITY AND PRIVACY IN WIRELESS BODY AREA NETWORKS MING LI AND WENJING LOU, WORCESTER POLYTECHNIC INSTITUTE KUI REN, ILLINOIS INSTITUTE OF TECHNOLOGY.

THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.

AnonySense: Privacy-Aware People-Centric Sensing Cory Conelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin [Institute for Security Technology Studies.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures ProtocolRelevant Attacks TinyOS beaconingBogus routing information, selective forwarding,

Cloud Usability Framework

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Introduction to Networks.

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

A Survey of Mobile Phone Sensing Michael Ruffing CS 495.

Securing Wireless Mesh Networks By Ben Salem & Jean-Pierre Hubaux Presented by Akilesh Sadassivam (Group Leader) Harish Varadarajan Selvaganesh Dharmeswaran.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Google cloud Vs Apple Cloud Made By: Pooja Dubey (ITSNS)

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

Issues Relevant To Distributed Security CSC 8320 Nidhi Gahlot.

1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.

Participatory Sensing in Commerce: Using Mobile Phones to Track Market Price Dispersion Nirupama Bulusu (Portland State University) Chun Tung Chou, Salil.

An Overview of the Smart Grid David K. Owens Chair, AABE Legislative Issues and Public Policy Committee AABE Smart Grid Working Group Webinar September.

Other Quality Attributes Other Important Quality attributes Variability: a special form of modifiability. The ability of a system and its supporting artifacts.

Virtual Private Ad Hoc Networking Jeroen Hoebeke, Gerry Holderbeke, Ingrid Moerman, Bard Dhoedt and Piet Demeester 2006 July 15, 2009.

Preserving Privacy in Participatory Sensing Systems Authors: Kuan Lun Huang, Salil S. Kanhere (School of CS & Engg., The University of New South Wales,

Survey on Privacy-Related Technologies Presented by Richard Lin Zhou.

Chapter 5: Implementing Intrusion Prevention

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

MagicNET: Security System for Protection of Mobile Agents.

Nicholas D. Lane, Hong Lu, Shane B. Eisenman, and Andrew T. Campbell Presenter: Pete Clements Cooperative Techniques Supporting Sensor- based People-centric.

Company small business cloud solution Client UNIVERSITY OF BEDFORDSHIRE.

Chap1: Is there a Security Problem in Computing?.

1.Research Motivation 2.Existing Techniques 3.Proposed Technique 4.Limitations 5.Conclusion.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

6.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 6: Designing.

1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

The Sybil attack “One can have, some claim, as many electronic persons as one has time and energy to create.” – Judith S. Donath.

1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.

IS3220 Information Technology Infrastructure Security

Introduction to Mobile-Cloud Computing. What is Mobile Cloud Computing? an infrastructure where both the data storage and processing happen outside of.

Presented by Edith Ngai MPhil Term 3 Presentation

Security Issues With Mobile IP

OneSwarm: Privacy Preserving P2P

Cryptography and Network Security

ONLINE SECURE DATA SERVICE

Security in SDR & cognitive radio

Presentation transcript:

Opportunistic Sensing: Security Challenges for the New Paradigm Michael Betancourt UCF - EEL 6788 Dr. Turgut Apu Kapadia MIT Lincoln Laboratory David Kotz Dartmouth College Nikos Triandopoulos Boston University

Overview 1.Introduction 2.Urban Sensing Examples 3.Applications Examples 4.Security Challenges a. Confidentiality and Privacy Issues b. Integrity Issues c. Availability Issues d. Challenges in Participatory Sensing 5. Conclusion

Introduction Opportunistic people centric sensing o Small devices carried by people that sense information o Direct or indirect relation to human activity o Environmental conditions Advantages o Leverage millions of devices o No need to manually deploy o Highly mobile and accessible Disadvantages o High risks in security o Data integrity

Urban Sensing Examples CarTel Maps traffic patterns BikeNet Bicycle network infrastructure CenceMe User activity social networking CarTel Interface BikeNet InterfaceCenceMe Interface

Application Examples Urban data collection and processing o Large scale online data collection o Being able to locate lost objects o Measuring the flow of bicycles in an urban center Environmental monitoring at the human level o Optimize energy usage for heating and cooling o Personal Environmental Impact Report

Security Challenges Overview Challenges 1.Context privacy 2.Anonymous tasking 3.Anonymous data reporting 4.Reliable data readings 5.Data authenticity 6.System integrity 7.Preventing data suppression 8.Participation 9.Fairness

Confidentiality and Privacy Issues Context Privacy Problems It is cumbersome for users to specify fine grain policies Once the data is on the server who can access the h/w Solutions Virtual walls o Group settings in categories o Only information outside the wall can be seen Faces o Data changes according to who is viewing Future Research o Determining what data can be used without being able to infer other data o Grabbing only enough data for application purpose without sacrificing usability

Confidentiality and Privacy Issues Anonymous Tasking Problems By tasking specific users it is possible to gain personal information Determining reliability of participants could reduce anonymity Solutions Tasking Service o Users download all tasks and selectively choose which to do Attribute based authentication o Users reveal only their attributes

Confidentiality and Privacy Issues Masking Users' Location Blind Tasking Transfer data to other nodes before uploading o Overall routing structure must be protected o Data needs to be encrypted to not be intercepted Hitchhiking o Only include characteristics about location o Disadvantageous for limited popularity Introduce blur and random jitter o Decreases accuracy o Amount of error needs to be constrained Automatic Spatiotemporal Blurring o Generalize location through large geographical tiles o Only upload data when enough sets are available

Integrity Issues Reliable Data Storage Problems Any participant with an appropriately configured device can report falsified data Devices are controlled by users Incentives to mask private information Solutions Redundancy o Task cloning o Fixed sensor ground truth Game Theory o Reputation based system

Integrity Issues Data Authenticity Problems Tampered data during transit Current schemes correspond to fixed sensors where there is a stable topological tree that spans sensors Solutions Cryptographoically enhanced error-correcting techniques o Encrypted data that shows if it has been tampered with Group signatures o Allows multiple groups to use a single verifying signature o Cracked signatures and be redistributed without taking down the entire infrastructure

Integrity Issues System Integrity Problems Tasks need to have their source verified Data received needs to be accurate and temporally relevant Solutions Task specific languages Secure crytographic states o Provide topological, temporal and user- related parameters to validate the information received.

Availability Issues Preventing Data Suppression Denial of Service (DoS) due to devices ignoring task requests Network availability of devices Data consuming applications could be killed by users If users are unable to control the data access, they are less likely to carry the device or permit tasks to be performed Distributed DoS (DDoS) Attack

Availability Issues Participation Problems Users must have incentives to gain mass participation Difficult to convince giving away private information with little to no benefit Solutions Convenience is key to appeal Provide incentives that are compatible with users' needs and interests Privacy-aware hybrid payoff model o Beneficial services vs privacy loss they experience

Availability Issues Fairness People centric applications provide direct benefits to users Users will try to cheat to gain better service for themselves o Tasking others to complete their tasks o Not contributing back to the community BitTorrent Inc. Logo Battlefield 2142 Cover Art

Challenges in Participatory Sensing Users are tasked and have to manually partake in gathering information Additional security challenges arise as the user may leak more information than the task specifies o Taking a picture of a menu on a table Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the task o Ratings of a restaurant 4 Rivers Smokehouse Google User Review

Conclusion Opportunistic people centric sensing Most applications contain personal information Securing that information becomes key o Providing a service that people would want to participate o Keepings users data secure as to not be harmed o Even obscuring the data may not be enough for complete anonymity Participatory sensing needs additional security thought Questions?