Trust, Privacy, and Security - Western Michigan University


Opportunistic Networks:
The Concept and Research Challenges
Leszek Lilien, Zille Huma Kamal and Ajay Gupta
In cooperation with: Vijay Bhuse and Zijiang (James) Yang
Wireless Sensornet Laboratory (WiSe Lab)
http://www.cs.wmich.edu/wsn
Department of Computer Science
Western Michigan University
Kalamazoo, MI 49008
2/9/2006

Basic Concepts for Opportunistic Networks

- New paradigm and technology: Opportunistic Networks (Oppnets)
  - Facing the challenge of Pervasive Computing
  - Advancing leading-edge pervasive computing and networking know-how
  - Applications ranging from EPR to mundane chores, etc.

Startup: Seed Oppnet

- Oppnet starts as a seed oppnet
- Seed oppnet grows into an expanded oppnet

[Figure: seed oppnet. Labels: Link to the World; Wireless Nodes; Base Station]

Growth: Expanded Oppnet

- Heterogeneous helpers join oppnet
- Add communication, computing, sensing, storage, other resources

[Figure: expanded oppnet. Labels: Satellite; Link to the World; Appliance (refrigerator); Cellphone Tower; Wireless Nodes; Base Station; Microwave Relay; Overturned Vehicle with OnStar; Computer Network]

Important Concepts in Oppnets

- Initial seed oppnet actions
  - Localize nodes
  - Configure seed oppnet
  - Adapt seed oppnet to environment
- Seed oppnet growth
  - Detecting & identifying candidate helpers
  - Contacting & inviting selected candidate helpers
  - Admitting & integrating helpers
  - Offloading tasks to helpers
  - Determining useful collaborative functionalities
  - Managing offloaded tasks

Basic Oppnet Categories

- 2 major oppnet categories:
  - Benevolent oppnets
  - Malevolent oppnets
- Corresponding oppnets scenarios:
  - Benevolent oppnet scenario: “Citizens Called to Arms”
  - Malevolent oppnet scenario: “Bad Guys Gang Up”

Benevolent Oppnet Scenario: “Citizens Called to Arms” (1)

- Seed oppnet deployed after an earthquake (unpredictable disaster)
- Seed is ad hoc wireless network with very powerful nodes
  - More energy, computing and communication resources
- Seed tries to detect candidate helpers
  - For help in damage assessment and disaster recovery
  - Uses any available detection method, including:
    - Radio-based (including cellphone-based) detection
    - Searching for nodes using the IP address range for the affected geographic area
    - AI-based visual detection
      - E.g., visual detection of an overturned car via surveillance net / recognition of its license plate / finding OnStar connection to it / contacting Body Area Networks on or within bodies of car occupants

Benevolent Oppnet Scenario: “Citizens Called to Arms” (2)

- Oppnet selects optimal subset of detected nodes
  - Inviting devices, clusters & entire networks
  - Helpers for communicating, sensing, computing
- Using “hidden” capabilities, e.g. for sensing:
  - Desktop can “sense” location of a potential victim at its keyboard
  - Cellphones can “sense” location (even ones w/o GPS can be triangulated)
- Using emergency functionalities
  - Oppnet contacts 2 independent sensornets (SNs): water infrastructure control SN / public space surveillance SN
  - Ordered to abandon normal functions & help in disaster recovery
    - Water infrastructure SN (with multisensor capabilities, under road surfaces): to sense vehicular movement and traffic jams
    - Public space surveillance SN: to search for images of human victims

Malevolent Oppnet Scenario: “Bad Guys Gang Up” (1)

- Scenario 1: Terrorists create apparently harmless weather monitoring sensornet (SN):
  - SN becomes a seed of a malevolent opportunistic SN
  - SN exploits other nodes from many other networks (w/o revealing its true goals)
  - “Critical mass” of the opportunistic SN is reached (in terms of geographical spread and sensing capabilities)
  - SN waits for wind patterns that can speed up spread of poisonous chemicals
  - Collected data used to decide when to start chemical attack

Malevolent Oppnet Scenario: “Bad Guys Gang Up” (2)

- Scenario 2: network at home starts spying on you:
  - Becomes a seed oppnet
  - Exploits other devices/nets to collect all info on you:
    - From your fridge (& RFID-equipped food packaging): what/when you eat
    - From your computer: keylogs your passwords, sensitive data
    - From your cellphone: who you call & when
    - From your networked camera: what photos you take
    - From your home security surveillance system: your private images
    - Cyberfly with camera eyes and microphone ears
    - ...
- Huge privacy problem! / Huge security problem!
  - Controls to counteract malevolent oppnets badly needed

Section 2: Research Challenges for Basic Oppnets Operations

- Presented in the order defined by the order of basic oppnet operations
- Security/privacy challenges covered later in Section 3

[Figure: flowchart of basic oppnet operations. Steps: Deploy seed oppnet; Detect candidate helpers (system); Admit candidates into oppnet; Integrate helper’s resources; Collaborative processing; Clean up all helpers; Release helpers. Decision points (YES/NO): Need to grow?; Enough good candidates?; Work done?. Other labels: GROWTH; Command Center.]

Challenges in Seed Oppnet Deployment

- Localization
- Self-configuration & reconfiguration
- Adaptability

Challenges in Detecting Helper Systems (1)

- Develop primitives/methods to detect helpers
  - Over heterogeneous communication media
    - Wired/WiFi
    - Bluetooth
    - Satellite
    - Ham radios
    - …
  => ability to integrate diverse technologies

Challenges in Detecting Helper Systems (2)

- Identify and categorize detected candidates
  - E.g., a system detected on Bluetooth: is it cellphone or laptop?
- Classify detected candidates
  - Based on dependability and usefulness
- Evaluate candidates
  - Can given candidate facilitate oppnet operations?

Invite & Admit Candidate Helpers

- Select candidates to invite
- Design primitives/methods to send invitations
- Develop methods that enable helper to accept or reject invitation
  - Candidates are helpers not slaves
    - But in emergency situations could be forced to join
- Design primitives/methods to admit helper into oppnet
- Devise primitives/methods to manage expanded oppnet

Integrate Helper Resources

- Select goals to be facilitated by helpers
- Determine tasks to be offloaded to helpers
- Coordinate all tasks

Collaborative Processing

- Collaborative tasks:
  - Growth
  - Data collection and querying
  - Data aggregation / information fusion
  - Routing
  - Assuring connectivity
  - ...
- Issues:
  - Effectiveness
    - In emergencies, effectiveness outweighs efficiency
    - Ideally, no cost on human life or suffering
  - Efficiency
    - Energy conservation
    - Efficient querying
  - Security and privacy
  - …

Clean Up and Release Helpers

- Oppnet restores “original state” of helpers
  - As close as possible to their state just before they joined
  - Imperative to minimize intrusiveness of helper
- Oppnet releases helpers from “duty”

Command Center (CC)

- CC capable of interactive (human intervention) or autonomous actions
- CC tasks include:
  - Determine/modify goals
  - Activate actuators/sensors
  - Manage oppnet
    - Decide when/how to grow
    - Optimize resources
    - ...
  - Facilitate human input for interactive heuristics
    - Determine critical mass of seed oppnet & expanded oppnet
    - Optimize oppnet configuration
    - ...
- CC assures realization of oppnet goals

Related Research

- Oppnets viewed as a superset of MANET (MANET = Mobile Ad hoc NETwork)
  => Challenges inherent to MANET carried over to oppnets
- Growth in P2P systems
  - Searching for peers in unstructured systems
- Trojan Horses
  - Mimic their spread capabilities in search for helpers
- Grid Systems
  - Integrating and managing heterogeneous systems
- CenWits
  - Localization, data integration & aggregation
- Others

Section 3: Research Challenges for Security and Privacy in Oppnets (1)

- Prevent malicious helpers from joining
- Common attacks
  - MITM
  - Packet dropping
  - DoS attack on weak devices
  - ID spoofing
  - ...
- Finding “good” cryptographic primitives

Research Challenges for Security and Privacy in Oppnets (2)

- Increasing trust
  - Routing through more trusted systems
  - Shared secrets for each communicating pair
  - Using shared secrets with broadcast authentication
  - Using digital signatures
- Assuring privacy
  - Privacy of communications and data storage
- Communication patterns
  - Broadcast/multicast from the base station
  - Messages among nodes & from nodes to the base station

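
The bullets "Prevent malicious helpers from joining" (with ID spoofing among the common attacks) and "Shared secrets for each communicating pair" can be combined into an admission check. The following is an added example, not code from the slides or from the WiSe Lab: the names SeedNode, admit_tag and PAIR_KEYS, the node IDs and the keys are constructed, and it assumes pairwise keys were provisioned out of band.

```python
import hashlib
import hmac
import secrets

# Constructed pairwise keys, one per (seed node, helper) pair.
# Assumption: provisioned out of band before the oppnet is deployed.
PAIR_KEYS = {
    ("seed-1", "helper-A"): bytes.fromhex("11" * 32),
    ("seed-1", "helper-B"): bytes.fromhex("22" * 32),
}


def admit_tag(key, seed_id, helper_id, nonce):
    """HMAC over both identities and the seed's nonce (length-prefixed fields)."""
    fields = (b"oppnet-admit", seed_id.encode(), helper_id.encode(), nonce)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class SeedNode:
    def __init__(self, seed_id):
        self.seed_id = seed_id
        self.pending = {}      # helper_id -> outstanding nonce
        self.admitted = set()

    def invite(self, helper_id):
        """Send an invitation carrying a fresh random challenge."""
        self.pending[helper_id] = secrets.token_bytes(16)
        return self.pending[helper_id]

    def admit(self, helper_id, response):
        nonce = self.pending.pop(helper_id, None)   # each nonce is single use
        key = PAIR_KEYS.get((self.seed_id, helper_id))
        if nonce is None or key is None:
            return False                            # no invitation or no shared secret
        expected = admit_tag(key, self.seed_id, helper_id, nonce)
        if not hmac.compare_digest(expected, response):
            return False                            # wrong key or stale response
        self.admitted.add(helper_id)
        return True


def demo():
    seed = SeedNode("seed-1")
    key_a = PAIR_KEYS[("seed-1", "helper-A")]
    key_b = PAIR_KEYS[("seed-1", "helper-B")]
    out = {}
    nonce = seed.invite("helper-A")
    good = admit_tag(key_a, "seed-1", "helper-A", nonce)
    out["genuine"] = seed.admit("helper-A", good)
    seed.invite("helper-A")                         # new challenge, old answer replayed
    out["replay"] = seed.admit("helper-A", good)
    nonce = seed.invite("helper-A")                 # helper-B claims helper-A's ID
    out["spoofed_id"] = seed.admit(
        "helper-A", admit_tag(key_b, "seed-1", "helper-A", nonce))
    nonce = seed.invite("helper-Z")                 # no pairwise secret on record
    out["unknown_helper"] = seed.admit(
        "helper-Z", admit_tag(key_b, "seed-1", "helper-Z", nonce))
    return out
```

The check only proves possession of the pairwise key; it says nothing about how an admitted helper behaves afterwards, which is where the intrusion detection challenges on the next slide apply.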
Research Challenges for Security and Privacy in Oppnets (3)

- Intrusion detection
  - Why?
    - When prevention fails
    - Lack of initial authentication mechanism
  - Issues in intrusion detection
    - Securely distributing information about malicious entities
    - Heterogeneous – real-time intrusion detection and response

Section 4a: Conclusions

- High-payoff potential for the oppnet Initiative
  - Reduction of human suffering & loss of life
  - Economic benefits
  - Technological, educational & research benefits

Impact of Oppnets on the Society

- Impact on Emergency Preparedness and Response operations in Homeland Security (HS) (current app focus)
  - Tremendous leveraging potential in emergencies
    - A wealth of freely available resources
  - Reduction of human suffering & loss of life
  - Increasing safety & efficiency of the first responders
- Impact on other applications in HS and outside HS
- Economic impact
  - Technology transfer & commercialization
  - Benefits for the computer industry
    - Production of software / networking equipment
  - Benefits for other industries
    - Enhancing many products with standard oppnet interfaces
    - E.g.: cars with oppnet-capable nodes (auto industry benefits)

Impact of Oppnets on Technology

- Advancing the network know-how
  - By development of the oppnet technology
  - Enhancing distributed applications served by “regular” networks
  - Enabling new application niches we can not even foresee
- Advancing other critical areas of computer technology
  - Including wireless systems, sensornets, ad hoc systems & pervasive computing
  - A side effect of oppnet developments
- Technology impacts speeded up & enhanced by the planned technology transfer plus commercialization activities

Impact of Oppnets on Education & Research

- Impact on students
  - For project participants: hands-on B.S./M.S./Ph.D training
  - For others: course enhancements / course projects / seminars
  - Oppnet prototype used for lab experiments
  - Training more minority & female students at all levels
- Dissemination of research results
  - Publications, presentations, seminars, poster sessions, web site
  - Public availability of the oppnet prototype, tools & data
- Outreach activities
  - Including K-12 demos for underrepresented minorities
- All activities will broaden the America’s talent pool in critical technologies and applications

Section 4b: Future Work

- Building a prototype
  - To demonstrate technical prowess & economic benefits
- Technology transfer & commercialization
  - Discussed above

Future Work: EPR Oppnet Initiative, Milestones

- Building state-of-the-art lab facilities
- Constructing an oppnet prototype in the lab
- Developing performance analysis tools to support testing & fine-tuning activities
- Extending the prototype to include living-laboratory resources available in our sensor- & computer-rich building
- Testing the prototype within the living laboratory
  - For fine-tuning design & implementation
- Obtaining external assessment of the prototype
  - From computer & homeland security labs in MI, IN, IL

WiSe Lab Publications on Sensornets, Oppnets & Pervasive Computing

1. L. Lilien and A. Gupta, "Opportunistic Networks for Emergency Preparedness and Response" (submitted for publication).
2. V. Bhuse, A. Gupta, and L. Lilien, "Research challenges in lightweight intrusion detection for sensornets" (submitted for publication).
3. L. Lilien and B. Bhargava, "A Scheme for Privacy-preserving Data Dissemination," IEEE Transactions on Systems, Man and Cybernetics (to appear).
4. L. Lilien, Z. Kamal, V. Bhuse and A. Gupta, "Opportunistic Networks: The Concept and Research Challenges," International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN 2006), Miami, Florida, March 2006 (to appear).
5. T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power Efficient Algorithms for Computing Fast Fourier Transform over Wireless Sensor Networks," The Fourth ACS/IEEE Conference on Computer Systems and Applications, Dubai, UAE, March 2006.
6. V. Bhuse, A. Gupta and L. Lilien, "DPDSN: Detection of packet-dropping attacks for wireless sensor networks," Proceedings of the 4th International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Goa, India, December 2005.
7. A. Gupta and V. Bhuse, "Anomaly Intrusion Detection in Wireless Sensor Networks," Journal of High Speed Networks, vol. 15, issue 1, January-March 2006.
8. M. Terwilliger, A. Gupta, A. Khokhar and G. Greenwood, "Localization using Evolution Strategies in Sensornets," Proceedings of the IEEE Congress on Evolutionary Computation, Edinburgh, UK, September 2005.
9. V. Bhuse, A. Gupta, M. Terwilliger, Z. Yang and Z. Kamal, "Using Routing Data for Information Authentication in Sensor Networks," Proceedings of the 3rd International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Bangalore, India, December 2004.
10. T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power-Time Efficient Algorithm for Computing FFT in Sensor Networks" (Extended Abstract), Proceedings of the Second ACM Conference on Embedded Networked Sensor Systems (SenSys), Baltimore, Maryland, November 2004.
11. B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, "PervasiveTrust," IEEE Intelligent Systems, vol. 19(5), Sep./Oct. 2004, pp. 74-77.
12. B. Bhargava and L. Lilien, "Private and Trusted Collaborations," Proc. Secure Knowledge Management (SKM 2004): A Workshop, Amherst, NY, Sep. 2004.
13. M. Jenamani, L. Lilien, and B. Bhargava, "Anonymizing Web Services Through a Club Mechanism with Economic Incentives," Proc. International Conference on Web Services (ICWS 2004), San Diego, California, July 2004, pp. 792-795.
14. Z. Kamal, M. Salahuddin, A. Gupta, M. Terwilliger, V. Bhuse and B. Beckmann, "Analytical Analysis of Data and Decision Fusion in Sensor Networks," The 2004 International Conference on Embedded Systems and Applications, Las Vegas, June 2004.
15. M. Terwilliger, A. Gupta, V. Bhuse, Z. Kamal, and M. Salahuddin, "A Localization System Using Wireless Sensor Networks: A Comparison of Two Techniques," Proceedings of the 2004 Workshop on Positioning, Navigation and Communication, Hanover, Germany, March 2004, pp. 95-100.
16. V. Bhuse, A. Gupta and R. Pidva, "A Distributed Approach to Security in Sensornets," The 58th IEEE Semiannual Vehicular Technology Conference, Orlando, Florida, USA, October 2003.
17. L. Lilien, "Developing Pervasive Trust Paradigm for Authentication and Authorization," Proc. Third Cracow Grid Workshop (CGW’03), Kraków (Cracow), Poland, October 2003, pp. 42-49 (invited paper).

WiSe Lab Experience in Sensornets – Selected Projects Since 1/03

- Designing of WiSe Security Protocols: DSPS
- Location Tracker Using Motes (*)
- RHS: Remote Home Surveillance (*)
- Directed Diffusion: Attacks & Countermeasures
- Improving the Accuracy of Mote Measurements by Using Neural Networks
- SOMS: Smart Occupancy Monitoring System Using Motes (*)
- Comparative Study of Network Simulators
- Collaborative Image Processing (*)
- DENSe: a Development Environment for Networked Sensors
- Incorporating Mobile-ware in Distributed Computations / Grids (*)
- Extending the ns-2 Simulator to Satellite and WCN Simulations
- Smart Antennas for WCNs
- Energy Efficient MAC Protocols for IEEE 802.11x
- A Wireless Security Testing System (*)
- Mobile and Self-Calibrating Irrigation System
- Collective Communications for Sensornets (*)

* Results directly useful for oppnets

Sensor Node

- Node Structure
- Node implementation (MICA-2)

[Figure: sensor node structure. Labels: Event detection; Sensors; Wireless communication; CPU; Radio; Neighboring Nodes; Battery]

Thank you very much
for your time and attention!