Abstract
Crowd-sourced mobile embedded systems allow people to contribute sensor data, for critical applications, including transportation, emergency response and eHealth. Data integrity becomes imperative as malicious participants can launch software and Sybil attacks modifying the sensing platform and data. To address these attacks, we develop (1) a Trusted Sensing Peripheral (TSP) enabling collection of high-integrity raw or aggregated data, and participation in applications requiring additional modalities; and (2) a Secure Tasking and Aggregation Protocol (STAP) enabling aggregation of TSP trusted readings by untrusted intermediaries, while efficiently detecting fabricators. Evaluations demonstrate that TSP and STAP are practical and energy-efficient.
- Advanced Micro Devices. SVM: AMD's virtualization technology. www.xen.org/files/xs0106_amd_virtualization.pdf.Google Scholar
- E. Agapie, G. Chen, and D. Houston et al. 2008. Seeing our signals: Combining location traces and Web-based models for personal discovery. In Proceedings of ACM HotMobile. 6--10. Google Scholar
Digital Library
- B. An, F. Ordez, M. Tambe, E. Shieh, R. Yang, C. Baldwin, J. DiRenzo, K. Moretti, B. Maule, and G. Meyer. 2013. A deployed quantal response-based patrol planning system for the U.S. Coast Guard. Interfaces 43, 5, 400--420. Google Scholar
Digital Library
- R. Anderson. 2003. ‘Trusted Computing’ frequently asked questions. http://www.cl.cam.ac.uk/~rja14/tcpa- faq.html.Google Scholar
- Atmel Corporation. The Atmel trusted platform module. www.atmel.com/dyn/resources/prod_documents/doc5128.pdf.Google Scholar
- N. Baughman and B. Levine. 2001. Cheat-proof playout for centralized and distributed online games. In Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM).Google Scholar
- Bluetooth Special Interest Group. 2009. Core version 3.0 + HS. https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=174214.Google Scholar
- J. Burke, D. Estrin, M. Hansen, A. Parker, N. Ramanathan, S. Reddy, and M. Srivastava. 2006. Participatory sensing. In Proceedings of the ACM Sensys Workshop on World-Sensor-Web.Google Scholar
- D. Chaum, I. Damgård, and J. van de Graaf. 1987. Multiparty computations ensuring privacy of each party's input and correctness of the result. In Advances in Cryptology, Springer, 87--119. Google Scholar
Digital Library
- CNN. CNN iReport - Share your story, discuss the issues with CNN.com. http://www.ireport.com/.Google Scholar
- P. Denantes, F. Bénézit, P. Thiran, and M. Vetterli. 2008. Which distributed averaging algorithm should I choose for my sensor network? In Proceedings of the 27th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies (INFOCOM). 986--994.Google Scholar
- R. Dingledine, N. Mathewson, and P. Syverson. 2004. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium. Google Scholar
Digital Library
- J. Douceur. 2002. The Sybil attack. In Proceedings of the IPTPS Workshop. Google Scholar
Digital Library
- A. Dua, N. Bulusu, W. Feng, and W. Hu. 2009. Towards trustworthy participatory sensing. In Proceedings of the 4th USENIX Workshop on Hot Topics in Security (HotSec). Google Scholar
Digital Library
- S. Eisenman, E. Miluzzo, N. Lane, R. Peterson, G. Ahn, and A. Campbell. 2007. TheBikeNet mobile sensing system for cyclist experience mapping. In Proceedings of the 5th International Conference on Embedded Networked Sensor Systems. ACM, 87--101. Google Scholar
Digital Library
- A. Francillon and C. Castelluccia. 2008. Code injection attacks on Harvard-architecture devices. In Proceedings of the 15th ACM Conference on Computer and Communications Security. 15--26. Google Scholar
Digital Library
- S. Ganeriwal, L. Balzano, and M. Srivastava. 2008. Reputation-based framework for high integrity sensor networks. ACM Trans. Sens. Netw. 4, 3. Google Scholar
Digital Library
- T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. 2003. Terra: A virtual machine-based platform for trusted computing. ACM SIGOPS Oper. Syst. Rev. 37, 5, 206. Google Scholar
Digital Library
- P. Gilbert, J. Jung, K. Lee, H. Qin, D. Sharkey, A. Sheth, and L. P. Cox. 2011. Youprove: authenticity and fidelity in mobile sensing. In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys). 176--189. Google Scholar
Digital Library
- K. Higgins. 2010. Smartphone Weather App Builds a Mobile Botnet. http://www.darkreading. com/insiderthreat/security/client/showArticle.jhtml?articleID=223200001.Google Scholar
- W. Hu, P. Corke, W. C. Shih, and L. Overs. 2009. secFleck: A public key technology platform for wireless sensor networks. In Proceedings of EWSN. 296--311. Google Scholar
Digital Library
- B. Hull, V. Bychkovsky, Y. Zhang, K. Chen, M. Goraczko, A. Miu, E. Shih, H. Balakrishnan, and S. Madden. 2006. Cartel: A distributed mobile sensor computing system. In Proceedings of ACM SenSys. 125--138. Google Scholar
Digital Library
- Intel Corporation. Intel trusted execution technology. http://www.intel.com/technology/security/.Google Scholar
- A. Kapadia, N. Triandopoulos, C. Cornelius, D. Peebles, and D. Kotz. 2008. Anony- Sense: Opportunistic and privacy-preserving context collection. In Lecture Notes in Computer Science, vol. 5013, 280. Google Scholar
Digital Library
- D. Korzhyk, Z. Yin, C. Kiekintveld, V. Conitzer, and M. Tambe. 2011. Stackelberg vs Nash in security games: An extended investigation of interchangeability, equivalence, and uniqueness. J. Artif. Int. Res. 41, 2, 297--327. Google Scholar
Digital Library
- N. Lathia, K. K. Rachuri, C. Mascolo, and P. J. Rentfrow. 2013. Contextual dissonance: Design bias in sensor-based experience sampling methods. In Proceedings of the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp). 183--192. Google Scholar
Digital Library
- J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. 2008. Flicker: An execution infrastructure for TCB minimization. In Proceedings of ACM SIGOPS/EuroSys. 315--328. Google Scholar
Digital Library
- S. Nath, J. Liu, J. Miller, F. Zhao, and A. Santanche. 2006. SensorMap: A Web site for sensors world-wide. In Proceedings of ACM SenSys. 373--374. Google Scholar
Digital Library
- openssl.org. Openssl: The open source toolkit for ssl/tls. http://www.openssl.org/.Google Scholar
- J. Padgette, K. Scarfone, and L. Chen. 2012. Guide to Bluetooth Security. http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf.Google Scholar
- E. Paulos, I. Smith, and R. Honicky. Participatory urbanism. http://www.urban-atmospheres.net/ParticipatoryUrbanism/index.html.Google Scholar
- R. A. Popa, H. Balakrishnan, and A. J. Blumberg. 2009. Vpriv: Protecting privacy in location-based vehicular services. In Proceedings of the USENIX Security Symposium. 335--350. Google Scholar
Digital Library
- B. Przydatek, D. Song, and A. Perrig. 2003. SIA: Secure Information Aggregation in Sensor Networks. In Proceedings of ACM SenSys. 255--265. Google Scholar
Digital Library
- V. Rastogi and S. Nath. 2010. Differentially private aggregation of distributed time-series with transformation and encryption. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 735--746. Google Scholar
Digital Library
- S. Reddy, A. Parker, J. Hyman, J. Burke, D. Estrin, and M. Hansen. 2007. Image browsing, processing, and clustering for participatory sensing: Lessons from a DietSense prototype. In Proceedings of ACM SenSys. 13--17. Google Scholar
Digital Library
- R. Sailer, X. Zhang, T. Jaeger, and L. Van Doorn. 2004. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the USENIX Security Symposium. 223--238. Google Scholar
Digital Library
- B. Schneier. 2002. Palladium and the TCPA. http://www.schneier.com/crypto-gram-0208.html#1.Google Scholar
- A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. 2005. Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In Proceedings of ACM SIGOPS 39, 5, 1--16. Google Scholar
Digital Library
- A. Seshadri, A. Perrig, L. Van Doorn, and P. Khosla. 2004. SWATT: Software-based attestation for embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy. Citeseer, 272--282.Google Scholar
- A. Sharma, L. Golubchik, and R. Govindan. 2007. On the prevalence of sensor faults in real-world deployments. In Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON). 213--222.Google Scholar
- E. Shi, T.-H. H. Chan, E. G. Rieffel, R. Chow, and D. Song. 2011. Privacy-preserving aggregation of time-series data. In Proceedings of NDSS. Vol. 2. 4.Google Scholar
- P. Sikka, P. Corke, L. Overs, P. Valencia, and T. Wark. 2007. Fleck: A platform for real-world outdoor sensor networks. In Proceedings of the 3rd International Conference on Intelligent Sensors, Sensor Networks and Information. 709--714.Google Scholar
- F. Stajano and R. Anderson. 2000. The resurrecting duckling: Security issues for ad-hoc wireless networks. Lecture Notes in Computer Science, vol. 1796, 172--182. Google Scholar
Digital Library
- The H. Security. 2010. Hacker extracts crypto key from TPM chip. http://www.h-online.com/security/news/item/Hacker-extracts-crypto-key-from-TPM-chip-927077.html.Google Scholar
- TI. 2012. Wireless Connectivity - ZigBee (IEEE 802.15.4/ZigBee PRO) - CC2538 - TI.com. http://www.ti. com/product/cc2538.Google Scholar
- Trusted Computing Group a. About TCG. http://www.trustedcomputinggroup.org/about_tcg.Google Scholar
- Trusted Computing Group b. Platform reset attack mitigation specification, Version 1.0. http://www. trustedcomputinggroup.org/resources/pc_client_work_group_platform_reset_attack_mitigation_specification_version_10/.Google Scholar
- Trusted Computing Group c. Trusted platform module (TPM) specifications. http://www.trustedcomputinggroup.org/developers/trusted_platform_module/specifications.Google Scholar
- Waze. Free GPS navigation with turn by turn directions. http://www.waze.com/homepage/.Google Scholar
- S. Zhu, S. Setia, S. Jajodia, and P. Ning. 2004. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In Proceedings of the IEEE Symposium on Security and Privacy. 259--271.Google Scholar
Index Terms
Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems
Recommendations
The sybil attack in sensor networks: analysis & defenses
IPSN '04: Proceedings of the 3rd international symposium on Information processing in sensor networksSecurity is important for many sensor network applications. A particularly harmful attack against sensor and ad hoc networks is known as the Sybil attack [6], where a node illegitimately claims multiple identities. This paper systematically analyzes the ...
Machine learning combating DOS and DDOS attacks
In recent years, technology is booming at a breakneck speed as so the need of security. Vulnerabilities in the layers of the OSI model and the networks are paving new ways for intruders and hackers to steal the confidential information. Security attacks ...






Comments