Opportunistic Sensing:

Security Challenges for the New Paradigm

Apu Kapadia
MIT Lincoln Laboratory

David Kotz
Dartmouth College

Nikos Triandopoulos
Boston University

Michael Betancourt
UCF - EEL 6788
Dr. Turgut

Overview
1. Introduction
2. Urban Sensing Examples
3. Applications Examples
4. Security Challenges
a. Confidentiality and Privacy Issues
b. Integrity Issues
c. Availability Issues
d. Challenges in Participatory Sensing
5. Conclusion

Introduction
Opportunistic people centric sensing
o Small devices carried by people that sense information
o Direct or indirect relation to human activity
o Environmental conditions
Advantages
o Leverage millions of devices
o No need to manually deploy
o Highly mobile and accessible
Disadvantages
o High risks in security
o Data integrity

Urban Sensing Examples

CarTel
Maps traffic patterns
BikeNet
Bicycle network infrastructure
CenceMe
User activity social networking

CarTel Interface

CenceMe Interface

BikeNet Interface

Application Examples
Urban data collection and processing
o Large scale online data collection
o Being able to locate lost objects
o Measuring the flow of bicycles in an urban center
Environmental monitoring at the human level
o Optimize energy usage for heating and cooling
o Personal Environmental Impact Report

Security Challenges Overview

Challenges
1. Context privacy
2. Anonymous tasking
3. Anonymous data reporting
4. Reliable data readings
5. Data authenticity
6. System integrity
7. Preventing data suppression
8. Participation
9. Fairness

Confidentiality and Privacy Issues

Context Privacy
Problems
It is cumbersome for users to specify fine grain policies
Once the data is on the server who can access the h/w
Solutions
Virtual walls
o Group settings in categories
o Only information outside the wall can be seen
Faces
o Data changes according to who is viewing
Future Research
o Determining what data can be used without being able to
infer other data
o Grabbing only enough data for application purpose
without sacrificing usability

Confidentiality and Privacy Issues

Anonymous Tasking
Problems
By tasking specific users it is possible to gain personal
information
Determining reliability of participants could reduce
anonymity
Solutions
Tasking Service
o Users download all tasks and selectively choose which to
do
Attribute based authentication
o Users reveal only their attributes

Confidentiality and Privacy Issues

Masking Users' Location
Blind Tasking
Transfer data to other nodes before uploading
o Overall routing structure must be protected
o Data needs to be encrypted to not be intercepted
Hitchhiking
o Only include characteristics about location
o Disadvantageous for limited popularity
Introduce blur and random jitter
o Decreases accuracy
o Amount of error needs to be constrained
Automatic Spatiotemporal Blurring
o Generalize location through large geographical tiles
o Only upload data when enough sets are available

Integrity Issues
Reliable Data Storage
Problems
Any participant with an appropriately configured device can
report falsified data
Devices are controlled by users
Incentives to mask private information
Solutions
Redundancy
o Task cloning
o Fixed sensor ground truth
Game Theory
o Reputation based system

Integrity Issues
Data Authenticity
Problems
Tampered data during transit
Current schemes correspond to fixed sensors where there is
a stable topological tree that spans sensors
Solutions
Cryptographoically enhanced error-correcting techniques
o Encrypted data that shows if it has been tampered with
Group signatures
o Allows multiple groups to use a single verifying signature
o Cracked signatures and be redistributed without taking
down the entire infrastructure

Integrity Issues
System Integrity
Problems
Tasks need to have their source verified
Data received needs to be accurate and temporally relevant
Solutions
Task specific languages
Secure crytographic states
o Provide topological, temporal and userrelated parameters to validate the information received.

Availability Issues
Preventing Data Suppression
Denial of Service (DoS) due to devices ignoring task
requests
Network availability of devices
Data consuming applications could be killed by users
If users are unable to control the data access, they are less
likely to carry the device or permit tasks to be performed

Distributed DoS (DDoS) Attack

Availability Issues
Participation
Problems
Users must have incentives to gain mass participation
Difficult to convince giving away private information with little
to no benefit
Solutions
Convenience is key to appeal
Provide incentives that are compatible with users' needs and
interests
Privacy-aware hybrid payoff model
o Beneficial services vs privacy loss they experience

Availability Issues
Fairness
People centric applications
provide direct benefits to users
Users will try to cheat to gain
better service for themselves
o Tasking others to complete
their tasks
o Not contributing back to the
community

BitTorrent Inc. Logo

Battlefield 2142 Cover Art

Challenges in Participatory Sensing

Users are tasked and have to manually partake in gathering
information
Additional security challenges arise as the user may leak
more information than the task specifies
o Taking a picture of a menu on a table
Integrity becomes difficult as the user can fabricate sensor
data or not provide the correct results of the task
o Ratings of a restaurant

4 Rivers Smokehouse Google User Review

Conclusion
Opportunistic people centric sensing
Most applications contain personal information
Securing that information becomes key
o Providing a service that people would want to participate
o Keepings users data secure as to not be harmed
o Even obscuring the data may not be enough for complete
anonymity
Participatory sensing needs additional security thought
Questions?