skip to main content
research-article

Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems

Authors Info & Claims
Published:06 October 2014Publication History
Skip Abstract Section

Abstract

Crowd-sourced mobile embedded systems allow people to contribute sensor data, for critical applications, including transportation, emergency response and eHealth. Data integrity becomes imperative as malicious participants can launch software and Sybil attacks modifying the sensing platform and data. To address these attacks, we develop (1) a Trusted Sensing Peripheral (TSP) enabling collection of high-integrity raw or aggregated data, and participation in applications requiring additional modalities; and (2) a Secure Tasking and Aggregation Protocol (STAP) enabling aggregation of TSP trusted readings by untrusted intermediaries, while efficiently detecting fabricators. Evaluations demonstrate that TSP and STAP are practical and energy-efficient.

References

  1. Advanced Micro Devices. SVM: AMD's virtualization technology. www.xen.org/files/xs0106_amd_virtualization.pdf.Google ScholarGoogle Scholar
  2. E. Agapie, G. Chen, and D. Houston et al. 2008. Seeing our signals: Combining location traces and Web-based models for personal discovery. In Proceedings of ACM HotMobile. 6--10. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. B. An, F. Ordez, M. Tambe, E. Shieh, R. Yang, C. Baldwin, J. DiRenzo, K. Moretti, B. Maule, and G. Meyer. 2013. A deployed quantal response-based patrol planning system for the U.S. Coast Guard. Interfaces 43, 5, 400--420. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. R. Anderson. 2003. ‘Trusted Computing’ frequently asked questions. http://www.cl.cam.ac.uk/~rja14/tcpa- faq.html.Google ScholarGoogle Scholar
  5. Atmel Corporation. The Atmel trusted platform module. www.atmel.com/dyn/resources/prod_documents/doc5128.pdf.Google ScholarGoogle Scholar
  6. N. Baughman and B. Levine. 2001. Cheat-proof playout for centralized and distributed online games. In Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM).Google ScholarGoogle Scholar
  7. Bluetooth Special Interest Group. 2009. Core version 3.0 + HS. https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=174214.Google ScholarGoogle Scholar
  8. J. Burke, D. Estrin, M. Hansen, A. Parker, N. Ramanathan, S. Reddy, and M. Srivastava. 2006. Participatory sensing. In Proceedings of the ACM Sensys Workshop on World-Sensor-Web.Google ScholarGoogle Scholar
  9. D. Chaum, I. Damgård, and J. van de Graaf. 1987. Multiparty computations ensuring privacy of each party's input and correctness of the result. In Advances in Cryptology, Springer, 87--119. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. CNN. CNN iReport - Share your story, discuss the issues with CNN.com. http://www.ireport.com/.Google ScholarGoogle Scholar
  11. P. Denantes, F. Bénézit, P. Thiran, and M. Vetterli. 2008. Which distributed averaging algorithm should I choose for my sensor network? In Proceedings of the 27th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies (INFOCOM). 986--994.Google ScholarGoogle Scholar
  12. R. Dingledine, N. Mathewson, and P. Syverson. 2004. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. J. Douceur. 2002. The Sybil attack. In Proceedings of the IPTPS Workshop. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. A. Dua, N. Bulusu, W. Feng, and W. Hu. 2009. Towards trustworthy participatory sensing. In Proceedings of the 4th USENIX Workshop on Hot Topics in Security (HotSec). Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. S. Eisenman, E. Miluzzo, N. Lane, R. Peterson, G. Ahn, and A. Campbell. 2007. TheBikeNet mobile sensing system for cyclist experience mapping. In Proceedings of the 5th International Conference on Embedded Networked Sensor Systems. ACM, 87--101. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. A. Francillon and C. Castelluccia. 2008. Code injection attacks on Harvard-architecture devices. In Proceedings of the 15th ACM Conference on Computer and Communications Security. 15--26. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. S. Ganeriwal, L. Balzano, and M. Srivastava. 2008. Reputation-based framework for high integrity sensor networks. ACM Trans. Sens. Netw. 4, 3. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. 2003. Terra: A virtual machine-based platform for trusted computing. ACM SIGOPS Oper. Syst. Rev. 37, 5, 206. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. P. Gilbert, J. Jung, K. Lee, H. Qin, D. Sharkey, A. Sheth, and L. P. Cox. 2011. Youprove: authenticity and fidelity in mobile sensing. In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys). 176--189. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. K. Higgins. 2010. Smartphone Weather App Builds a Mobile Botnet. http://www.darkreading. com/insiderthreat/security/client/showArticle.jhtml?articleID=223200001.Google ScholarGoogle Scholar
  21. W. Hu, P. Corke, W. C. Shih, and L. Overs. 2009. secFleck: A public key technology platform for wireless sensor networks. In Proceedings of EWSN. 296--311. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. B. Hull, V. Bychkovsky, Y. Zhang, K. Chen, M. Goraczko, A. Miu, E. Shih, H. Balakrishnan, and S. Madden. 2006. Cartel: A distributed mobile sensor computing system. In Proceedings of ACM SenSys. 125--138. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Intel Corporation. Intel trusted execution technology. http://www.intel.com/technology/security/.Google ScholarGoogle Scholar
  24. A. Kapadia, N. Triandopoulos, C. Cornelius, D. Peebles, and D. Kotz. 2008. Anony- Sense: Opportunistic and privacy-preserving context collection. In Lecture Notes in Computer Science, vol. 5013, 280. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. D. Korzhyk, Z. Yin, C. Kiekintveld, V. Conitzer, and M. Tambe. 2011. Stackelberg vs Nash in security games: An extended investigation of interchangeability, equivalence, and uniqueness. J. Artif. Int. Res. 41, 2, 297--327. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. N. Lathia, K. K. Rachuri, C. Mascolo, and P. J. Rentfrow. 2013. Contextual dissonance: Design bias in sensor-based experience sampling methods. In Proceedings of the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp). 183--192. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. 2008. Flicker: An execution infrastructure for TCB minimization. In Proceedings of ACM SIGOPS/EuroSys. 315--328. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. S. Nath, J. Liu, J. Miller, F. Zhao, and A. Santanche. 2006. SensorMap: A Web site for sensors world-wide. In Proceedings of ACM SenSys. 373--374. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. openssl.org. Openssl: The open source toolkit for ssl/tls. http://www.openssl.org/.Google ScholarGoogle Scholar
  30. J. Padgette, K. Scarfone, and L. Chen. 2012. Guide to Bluetooth Security. http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf.Google ScholarGoogle Scholar
  31. E. Paulos, I. Smith, and R. Honicky. Participatory urbanism. http://www.urban-atmospheres.net/ParticipatoryUrbanism/index.html.Google ScholarGoogle Scholar
  32. R. A. Popa, H. Balakrishnan, and A. J. Blumberg. 2009. Vpriv: Protecting privacy in location-based vehicular services. In Proceedings of the USENIX Security Symposium. 335--350. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. B. Przydatek, D. Song, and A. Perrig. 2003. SIA: Secure Information Aggregation in Sensor Networks. In Proceedings of ACM SenSys. 255--265. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. V. Rastogi and S. Nath. 2010. Differentially private aggregation of distributed time-series with transformation and encryption. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 735--746. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. S. Reddy, A. Parker, J. Hyman, J. Burke, D. Estrin, and M. Hansen. 2007. Image browsing, processing, and clustering for participatory sensing: Lessons from a DietSense prototype. In Proceedings of ACM SenSys. 13--17. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. R. Sailer, X. Zhang, T. Jaeger, and L. Van Doorn. 2004. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the USENIX Security Symposium. 223--238. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. B. Schneier. 2002. Palladium and the TCPA. http://www.schneier.com/crypto-gram-0208.html#1.Google ScholarGoogle Scholar
  38. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. 2005. Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In Proceedings of ACM SIGOPS 39, 5, 1--16. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. A. Seshadri, A. Perrig, L. Van Doorn, and P. Khosla. 2004. SWATT: Software-based attestation for embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy. Citeseer, 272--282.Google ScholarGoogle Scholar
  40. A. Sharma, L. Golubchik, and R. Govindan. 2007. On the prevalence of sensor faults in real-world deployments. In Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON). 213--222.Google ScholarGoogle Scholar
  41. E. Shi, T.-H. H. Chan, E. G. Rieffel, R. Chow, and D. Song. 2011. Privacy-preserving aggregation of time-series data. In Proceedings of NDSS. Vol. 2. 4.Google ScholarGoogle Scholar
  42. P. Sikka, P. Corke, L. Overs, P. Valencia, and T. Wark. 2007. Fleck: A platform for real-world outdoor sensor networks. In Proceedings of the 3rd International Conference on Intelligent Sensors, Sensor Networks and Information. 709--714.Google ScholarGoogle Scholar
  43. F. Stajano and R. Anderson. 2000. The resurrecting duckling: Security issues for ad-hoc wireless networks. Lecture Notes in Computer Science, vol. 1796, 172--182. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. The H. Security. 2010. Hacker extracts crypto key from TPM chip. http://www.h-online.com/security/news/item/Hacker-extracts-crypto-key-from-TPM-chip-927077.html.Google ScholarGoogle Scholar
  45. TI. 2012. Wireless Connectivity - ZigBee (IEEE 802.15.4/ZigBee PRO) - CC2538 - TI.com. http://www.ti. com/product/cc2538.Google ScholarGoogle Scholar
  46. Trusted Computing Group a. About TCG. http://www.trustedcomputinggroup.org/about_tcg.Google ScholarGoogle Scholar
  47. Trusted Computing Group b. Platform reset attack mitigation specification, Version 1.0. http://www. trustedcomputinggroup.org/resources/pc_client_work_group_platform_reset_attack_mitigation_specification_version_10/.Google ScholarGoogle Scholar
  48. Trusted Computing Group c. Trusted platform module (TPM) specifications. http://www.trustedcomputinggroup.org/developers/trusted_platform_module/specifications.Google ScholarGoogle Scholar
  49. Waze. Free GPS navigation with turn by turn directions. http://www.waze.com/homepage/.Google ScholarGoogle Scholar
  50. S. Zhu, S. Setia, S. Jajodia, and P. Ning. 2004. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In Proceedings of the IEEE Symposium on Security and Privacy. 259--271.Google ScholarGoogle Scholar

Index Terms

  1. Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in

            Full Access

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader
            About Cookies On This Site

            We use cookies to ensure that we give you the best experience on our website.

            Learn more

            Got it!