UCF EEL 6788 - AnonySense - Privacy-Aware People-Centric Sensing

This preview shows page 1-2-3-24-25-26 out of 26 pages.

AnonySense: Privacy-Aware People-Centric Sensing
Leith Tussing
EEL 6788 Spring 2010
University of Central Florida

Overview
- Introduction
- Security Risks
- Architecture
- Protocols
- Evaluation
- Future Work
- Resources

Introduction
- Data collection through personal mobile devices is quickly becoming a viable option for mass data gathering.
- Mobile devices are becoming more feature-rich with each iterative generation. What used to be a multi-thousand-dollar bulky unit is now a sub-$100 cell phone.
- As the microcomputer replaced the mainframe systems of yore, mobile devices are rapidly replacing the desktop and laptop machines of today.

Introduction (continued)
- Mobile devices will be the supercomputers of tomorrow, time-slicing tasks across billions of free-floating devices. As of the end of 2009, 60% (4 billion) of the world population use cell phones.
- The more widely mobile devices are used for data collection, the larger the risk of privacy invasion of users' data and personal information.
- As you collect more accurate data, you end up with less privacy for the individual collecting the data. Conversely, increasing privacy results in less accurate data for those requesting information.

Introduction (continued)
- More researchers are turning to opportunistic sensing to gather results where there is no fixed sensing, or no ability to add it.
- Even though it is a best-effort service, it offers a low-cost and large mobile infrastructure.
- Issues with opportunistic sensing:
  1. Heterogeneous & unpredictable collection of devices
  2. Interface via autonomous WAPs & public Internet
  3. Poses new and mostly untackled security risks.

Security Risks
- Location/time-based user identification attacks
- Rogue AP hosting & spoofing
- Mobile device/sensor/software tampering
- Maliciously crafted tasks
- Server spoofing
- Packet sniffing
- Data spoofing/manipulation

AnonySense Architecture
- The authors of this paper proposed and implemented a prototype of a system they called AnonySense, “a privacy-aware architecture for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices.”
- An application-independent infrastructure for handling anonymous tasking and reporting.
- Built on the idea of minimal trust and task separation to minimize risk.

Architecture: Mobile Nodes
- Mobile Nodes (MN)
  - These are the physical devices carried by people or attached to objects.
  - MNs communicate with the Task Service (TS) and Report Service (RS) via WAPs. WAPs and their providers are untrusted entities. All communications are done over SSL-encrypted channels to prevent compromised WAPs from viewing or changing data. MNs use MAC rotation to prevent WAPs from tracking their activity.
  - MNs sign all traffic with short-group keys to prevent unique key signings being used to track traffic back to a single MN.
  - MNs only trust tasks from the TS that match signed certificates from the RS.

Short-Group Signature
- A Group Signature (GS) scheme allows an anonymous member of a group to sign a message on behalf of the group.
- The key aspects of a GS scheme are: soundness and completeness, unforgeability, anonymity, traceability, unlinkability, no framing, and unforgeable tracing verification.
- A Short-Group Signature is one with a signature length of less than 200 bytes, compared to an RSA-based Group Signature, which can be 2 kb (2048 bytes) or larger.

Architecture: Registration Authority
- Registration Authority (RA)
  - Registers the MNs that wish to participate.
  - Verifies that the interpreter is properly installed and the sensors are calibrated.
  - Verifies MN attributes.
  - Installs a private “short-group key” for signing reports anonymously.
  - Issues certificates to the TS and RS. This gives MNs the ability to verify the authenticity of the services.
  - The RA trusts nothing about any other component.
  - The RA validates the quantity and types of MNs to prevent targeted tasks from being run that may expose specific MNs. A group must consist of a minimum number of MNs before a task can be run against them, to protect the MNs.

Architecture: Task Service
- Task Service (TS)
  - Accepts tasks from applications using AnonySense, performs consistency checking, and distributes tasks to MNs as they request new ones.
  - The TS does not trust calling applications; therefore every task is validated for syntax correctness by the TS and tagged with a unique identifier.

Architecture: Report Service
- Report Service (RS)
  - Stores the reports received from MNs and provides data in response to queries from applications.
  - The RS only trusts tasks that the RA labels as valid for dissemination to MNs.
  - Like the TS, the RS does not trust calling applications and requires identification verification before permitting them to get report data.

Architecture: MIX Network
- Mix Network (MIX)
  - Anonymizing remailing SMTP servers that utilize encrypted communication channels. The software used is Mixmaster.
  - Gathers report emails from the MNs and holds on to them until a minimum threshold of messages is reached. Once this threshold is reached, it passes them along to the RS.
  - Multiple MIX servers are used, and MNs randomize which ones they send various messages to.
  - By limiting the span over which reports arrive at the RS, and the MIX servers they arrive from, you anonymize the MNs that send the data.
  - This introduces an increased level of latency in exchange for increased privacy.

Architecture: AnonyTL
- To simplify tasks and enhance security, they defined their own language called AnonyTL.
- AnonyTL specifies a task's behavior in terms of acceptance conditions, report statements, and termination conditions.
- No code is ever actually transmitted, only instructions. This keeps data packets small and secure. It prevents the system from ever interacting with functions outside of its definition or allowing data to be injected.
- AnonyTL uses a Lisp-like syntax.

AnonyTL

Protocols: Tasking Protocol
- Tasking Protocol
  - All
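
A minimal simulation of the threshold batching described on the MIX Network slide, added here as an illustration and not taken from the slides or from Mixmaster; the class and function names, the one-report-per-tick traffic model and all parameters are assumptions. It shows the batches the RS receives and the latency cost, including reports that stay stranded when a pool never reaches the threshold.

```python
import random


class ThresholdMix:
    """One mix server: holds reports until `threshold` are pooled, then flushes."""

    def __init__(self, name, threshold, rng):
        self.name, self.threshold, self.rng = name, threshold, rng
        self.pool = []

    def submit(self, item):
        self.pool.append(item)
        if len(self.pool) < self.threshold:
            return []                      # keep holding: batch is too small
        batch, self.pool = self.pool, []
        self.rng.shuffle(batch)            # break arrival-order linkage
        return batch


def simulate(n_reports, n_mixes, threshold, seed=0):
    """Each tick, one MN sends one report to a randomly chosen mix.

    Returns (batches, waits, stranded):
      batches  - list of (mix name, [report ids]) as the RS receives them
      waits    - ticks each delivered report spent waiting in a pool
      stranded - reports still held by the mixes when traffic stops
    """
    rng = random.Random(seed)
    mixes = [ThresholdMix(f"mix{i}", threshold, rng) for i in range(n_mixes)]
    batches, waits = [], []
    for tick in range(n_reports):
        mix = rng.choice(mixes)            # MN randomizes which mix it uses
        out = mix.submit((tick, f"report-{tick}"))   # constructed sample report
        if out:
            batches.append((mix.name, [rid for _, rid in out]))
            waits.extend(tick - sent for sent, _ in out)
    stranded = sum(len(m.pool) for m in mixes)
    return batches, waits, stranded


if __name__ == "__main__":
    batches, waits, stranded = simulate(n_reports=40, n_mixes=3, threshold=5)
    print(f"{len(batches)} batches, max wait {max(waits)} ticks, "
          f"{stranded} reports stranded")
```
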

