Trust, Privacy, and Security - Western Michigan University
Download
Report
Transcript Trust, Privacy, and Security - Western Michigan University
CS 6910: Advanced Computer and Information Security
Lecture 2a
Opportunistic Networks:
Specialized Ad Hoc Networks
for Emergency Response Applications
Leszek Lilien
WiSe Lab (Wireless Sensornet Laboratory)
http://www.cs.wmich.edu/wsn
Department of Computer Science
Western Michigan University
Kalamazoo, MI 49008
© Leszek T. Lilien 2006
Outline
Part 1. Motivation for Specialized Ad Hoc Networks
Part 2. Analogy to a Human Emergency Response Team
© Leszek T. Lilien 2006
Part 3. Opportunistic Networks: A New Type of Specialized Ad
Hoc Networks
Part 4. Related Research and Research Challenges
Part 5. Conclusions
Part 6. Current and Future Work
Sept. 2006
2
Part 1. Motivation for
Specialized Ad Hoc Networks
© Leszek T. Lilien 2006
Homeland Security
One of the crucial challenges facing the USA today
Among its 6 mission areas is
Emergency Preparedness and Response (EPR)
EPR deals with:
Natural disasters
Man-made disasters
(incl. accidents, terrorist attacks)
[Natl. Strategy for Homeland Security, July 2002]
Mobile ad hoc networks (MANETs) proposed for EPR
Sept. 2006
[Haas, 1999]
3
Motivation for Specialized Ad Hoc Networks (2)
© Leszek T. Lilien 2006
MANETS are not quite a natural match for EPR
E.g., human rescue teams can find and mobilize as their
helpers local firemen, police, National Guard or even
regular citizens
No analogous capability of MANETs to find and “mobilize”
devices/networks
Let’s find or define a specialization (a subclass) of ad hoc
networks more suitable for EPR applications
A new paradigm and a new technology to improve
effectiveness & efficiency of EPR
Sept. 2006
4
© Leszek T. Lilien 2006
This page left blank intentionally.
Sept. 2006
5
Part 2. Analogy to
a Human Emergency Response Team
Important characteristics of a human rescue team
Starts as a seed team (a small group of people)
The seed team grows opportunistically during its
operations
a) Some people can always be ordered to join
© Leszek T. Lilien 2006
Police, firemen, National Guard or Army Reserve personnel
Sept. 2006
b) Anybody can be ordered to join only in life-or-death
situations
Legally required to help saving lives or critical resources
c) Anybody can be asked to join in other situations
6
Analogy to a Human Emergency Response Team (2)
Who is ordered or invited to join?
In some situations any extra pair of hands can help
In others only highly qualified people (e.g., doctors and nurses)
are ordered/asked to join
Human helper types
Highly prepared
E.g., National Guard, Army Reserve or state militias
© Leszek T. Lilien 2006
Sept. 2006
(even unforeseen)
Somewhat prepared
E.g., people that volunteer for first aid courses
Signed up for service
Undergo training in preparation for duty
Become pretty valuable helpers in emergencies
Not prepared at all
7
Analogy to a Human Emergency Response Team (3)
Benefits of the opportunistic growth of the rescue team
Opportunistic leveraging of all kinds of skills and resources
that new helpers can bring
Obtaining a lot of help effectively and efficiently – even for free
© Leszek T. Lilien 2006
Sept. 2006
8
Analogy to a Human Emergency Response Team (4)
Analogous critical requirements for ad hoc network
specialized for EPR in the priority order:
1) Minimal starting configuration – a pre-configured seed for
EPR operations
Analogy to the seed rescue team
2) High interoperability in terms of communication of diverse
devices or networks (Wired/WiFi, Bluetooth, satellite, ham radios, WiMAX, ...)
Analogy to a rescue team’s ability to contact different people, individually or via
organizations
3) Highly heterogeneous software
(& hardware)
© Leszek T. Lilien 2006
Analogy to heterogeneity of rescue teams in terms of members’ skills,
communication and other equipment, and other resources
4) Harvesting of diverse resources as needed
Analogy to finding people with different skills, equipment, and other resources
5) Persistent connectivity once it is established
Analogy to being able to contact (maybe via a chain of others) members of the
expanded team, including all helpers
Sept. 2006
9
Analogy to a Human Emergency Response Team (5)
© Leszek T. Lilien 2006
If there is no specialized ad hoc network (AHN) matching the
requirements, then:
Define a new specialized AHN paradigm
Invent a new specialized AHN technology
No known specialized AHN matches the requirements
Considered AHNs:
Mobile ad hoc networks (MANETs)
Mesh networks
P2P systems
Sensor networks
Spontaneous networks (in the narrow sense, cf. [Feeney et al. 2001])
=> Need:
- a new specialized AHN paradigm
- a new specialized AHN technology
Sept. 2006
10
IMPORTANT !
We concentrate here on Homeland Security
applications for oppnets
BUT
© Leszek T. Lilien 2006
Homeland Security is only one of many possible
application classes for oppnets
Sept. 2006
11
© Leszek T. Lilien 2006
This page left blank intentionally.
Sept. 2006
12
Part 3. Opportunistic Networks: A New Type
of Specialized Ad Hoc Networks
Paradigm of Opportunistic Networks (Oppnets)
© Leszek T. Lilien 2006
Based on the analogy to operations of human rescue teams
Goals of oppnets:
Opportunistic growth
Opportunistic leveraging of resources aiming at (among
others):
Bridging diverse communication media
Offloading computations to additional platforms
Integrating independent sensing systems (enhancing their
Sept. 2006
sensing capabilities)
13
Startup: Seed Oppnet
Oppnet deployed as a seed oppnet
Link to
the World
Seed Nodes
© Leszek T. Lilien 2006
Controller
Sept. 2006
(distributed)
Seed oppnet localizes its nodes & self-configures
14
Growth: Expanded Oppnet
Seed oppnet grows into an expanded oppnet by:
Finding candidate helpers
Selecting candidates - they are ordered/asked to join
Add communication, computing, sensing, storage, other resources
Satellite
Link to
the World
Appliance
© Leszek T. Lilien 2006
(refrigerator)
Cellphone
Tower
Seed Nodes
Controller
(distributed)
WiMAX
Sept. 2006
Overturned
Vehicle
(with OnStar)
Computer Network 15
© Leszek T. Lilien 2006
Summary of Oppnet Activities
Discovering & identifying candidate helpers
Contacting selected candidates
Inviting or ordering candidates to join
Admitting & integrating helpers that join oppnet
Offloading tasks to helpers
Sept. 2006
Determining useful colaborative functionalities
Managing offloaded tasks
Cleaning up & releasing each helper when no longer
needed
16
Oppnet Reserve
A challenge in oppnet growth
Must discover candidate helpers, then contact selected
ones
Difficult without facilities provided by candidates or
infrastructure
A solution: oppnet reserve — facilitating discovery/contacting
Analogy to Army / Navy / Air Force Reserve, etc.
Volunteer helpers sign up for oppnet reserve
© Leszek T. Lilien 2006
Sept. 2006
Maybe for some incentives
Volunteers „trained” for active duty
Install facilities that make them easier to detect and contact by
oppnets
E.g., install (future) standard oppnet protocols
(moral, financial, etc.)
Matched to their capabilities: heavy-, medium- and lightweight
Available for active oppnet duty whenever must/can help
17
Oppnet Reserve (2)
Oppnet reserve is analogous to having highly prepared
human helpers
(Recall the classification of human helpers into: highly prepared,
somewhat prepared, unprepared)
Oppnet reserve is not required but very helpful
Having highly prepared human helpers is not required either
© Leszek T. Lilien 2006
Sept. 2006
18
Basic Oppnet Categories
2 major oppnet categories:
Benevolent oppnets
Malevolent oppnets
Corresponding oppnets scenarios:
Benevolent oppnet scenario:
„Citizens Called to Arms”
© Leszek T. Lilien 2006
Sept. 2006
Malevolent oppnet scenario:
„Bad Guys Gang Up”
19
Benevolent Oppnet
Scenario: „Citizens
Called to Arms” (1)
Seed oppnet deployed
after an earthquake (un-
20
predictable emergency)
Seed is ad hoc wireless network with very powerful
nodes
© Leszek T. Lilien 2006
Sept. 2006
More energy, computing and communication resources
Seed tries to detect candidate helpers
For help in damage assessment and disaster recovery
Uses any available detection method — including:
Cellphone- or radio-based detection
Searching for nodes using the IP address range for the
affected geographic area
AI-based visual detection (next)
20
Benevolent Oppnet
Scenario: „Citizens
Called to Arms” (2)
© Leszek T. Lilien 2006
Sept. 2006
Example:
Helper 1 (supervisor of security cameras) monitoring a surveillance net
views an overturned car
Helper 2 (pattern recognition specialist) detects an overturned car
Helper 3 (image analysis specialist) asked to recognize its license plate
Helper 4 (DB manager) finds that the cars has OnStar link
Helper 5 (OnStar agent) contacts BANs (Body Area Networks) on or
within bodies of car occupants via OnStar infrastructure
Helper 6 (vital sign evaluator) evaluates obtained info
Helper 7 (rescue dispatcher) decides if/when rescuers should be
dispatched
21
21
Benevolent Oppnet
Scenario: „Citizens
Called to Arms” (3)
22
© Leszek T. Lilien 2006
Sept. 2006
Oppnet selects optimal subset of detected nodes
Inviting devices, clusters & entire networks
Helpers for communicating, sensing, computing
Using „hidden” capabilities, e.g. for sensing:
Desktop can „sense” presence of a potential victim at
its keyboard
Cellphones can „sense” location
Even ones w/o GPS can be triangulated
22
Benevolent Oppnet
Scenario: „Citizens
Called to Arms” (4)
© Leszek T. Lilien 2006
Sept. 2006
Using „hidden”
emergency functionalities
Oppnet contacts 2 independent sensornets (SNs):
water infrastructure control SN /
public space surveillance SN
SNs ordered to abandon normal functions & help in
rescue & recovery operations
Water infrastructure SN (with multisensor capabilities,
under road surfaces) — ordered to sense vehicular
movement and traffic jams
Public space surveillance SN — ordered to search
for images of human victims
23
23
Malevolent Oppnet
Scenario: „Bad Guys
Gang Up” (1)
Scenario 1 — Terrorists
create apparently
harmless weather monitoring sensornet (SN):
SN becomes a seed of a malevolent opportunistic SN
SN exploits other nodes from many other networks
24
(w/o revealing its true goals)
“Critical mass” of the opportunistic SN is reached (in terms of
© Leszek T. Lilien 2006
geographical spread and sensing capabilities)
Sept. 2006
SN waits for wind patterns that can speed up spread of
poisonous chemicals
Collected data used to decide when to start chemical attack
24
Malevolent Oppnet Scenario:
„Bad Guys Gang Up” (2)
Scenario 2 — network at home starts spying on you:
Becomes a seed oppnet
Exploits other devices/nets to collect all info on you:
© Leszek T. Lilien 2006
From your fridge (& RFID-equipped food packaging):
what/when you eat
From your computer: keylogs your passwords, sensitive data
From your cellphone: who you call & when
From your networked camera: what photos you take
From your home security surveillance system: your private
images
Cyberfly with camera eyes and microphone ears
...
Huge privacy problem! / Huge security problem!
Controls to counteract malevolent oppnets badly needed
Sept. 2006
25
© Leszek T. Lilien 2006
This page left blank intentionally.
Sept. 2006
26
Part 4. Related Research
and Research Challenges
Examples of Related Research
Interoperability
Among wireless networks - active research area
Among WANs, MANs, LANs, PANs (Personal Area Networks), etc.
Among wired & wireless nets - much less research
Ambient Networks (big European Union project, next-generation Internet—for 2015/2020, smaller
networks able to compose themselves into bigger ones)
Localization and self-organization
Network growth
© Leszek T. Lilien 2006
Sept. 2006
P2P systems – search for peers in unstructured systems
Trojan Horses - agents spreading in search for helpers
Integrating and managing heterogeneous systems, incl. data
integration & aggregation
MANETs / Sensornets
Grid systems / MANETs / Sensornets
Other
…
27
Research Challenges in Basic Operations
Challenges in seed oppnet deployment
E.g., localization, self-configuration, adaptability
Challenges in detecting helper systems
E.g., define primitives to detect candidates, identify and categorize
them, evaluate and classify them (e.g., based on dependability and
usefulness)
Challenges in inviting & admitting candidate helpers
© Leszek T. Lilien 2006
E.g., select candidates to invite, develop protocols for candidates to
accept or reject invitation, devise primitives /methods to manage
expanded oppnets
Etc., etc. for remaining oppnet primitives
More:
Leszek Lilien, Z. Huma Kamal, and Ajay Gupta, "Opportunistic Networks: Research
Challenges in Specializing the P2P Paradigm,” Proc. 3rd International Workshop on P2P
Data Management, Security and Trust (PDMST’06), Kraków, Poland, September 2006 (to
appear)
Sept. 2006
28
Research Challenges in Privacy & Security
(1)
1) Privacy challenges in oppnets
Privacy is critical
Oppnets are pervasive systems
Must face all critical privacy challenges inherent to pervasive
computing
Privacy is a „make it or break it” issue for pervasive computing
=>
Privacy is a „make it or break it” issue for oppnets
© Leszek T. Lilien 2006
Sept. 2006
Basic privacy protection goals in oppnets
Protect helper resources from the host oppnet
Protect oppnet from its helpers
Protect environment from privacy violations by
oppnet
Also from malevolent oppnets
29
Research Challenges in Privacy & Security
(2)
2) Security challenges in oppnets
Many have privacy aspects/components
More:
Leszek Lilien, Z. Huma Kamal, Vijay Bhuse and Ajay Gupta, "Opportunistic Networks:
The Concept and Research Challenges in Privacy and Security,” Proc. International
© Leszek T. Lilien 2006
Workshop on Research Challenges in Security and Privacy for Mobile and Wireless
Networks (WSPWN 2006), Miami, Florida, March 2006.
Sept. 2006
30
© Leszek T. Lilien 2006
This page left blank intentionally.
Sept. 2006
31
>SKIP< Part 5. Conclusions
High-payoff potential for the oppnet initiative
1) Social and economic benefits
Including reduction of human suffering & loss of life
© Leszek T. Lilien 2006
2) Technological benefits
3) Research benefits
4) Educational benefits
Sept. 2006
-- Details below --
32
1) Social & Economic Impacts
Impacts on Emergency Preparedness and Response
operations in Homeland Security (HS) — current app focus
Tremendous leveraging potential in emergencies
A wealth of freely available resources
Reduction of human suffering & loss of life
Increasing safety & efficiency of the first responders
Impacts on other applications both in HS and outside HS
Economic impacts
© Leszek T. Lilien 2006
Sept. 2006
Technology transfer & commercialization
Benefits for the computer industry
Production of software / networking equipment
Benefits for other industries
Enhancing many products with standard oppnet interfaces
E.g., the auto industry: cars and trucks as oppnet platforms
33
2) Impacts on Technology
© Leszek T. Lilien 2006
Sept. 2006
Advancing the network and pervasive computing know-how
Development of the innovative oppnet technology
Enhancing network/pervasive applications by use of
oppnet technologies
Enabling new network/pervasive application niches we
can not even foresee
Advancing other areas of technology (not only computing)
A side effect of oppnet developments
Technology impacts speeded up & enhanced by the
planned technology transfer plus commercialization
activities
34
3) Impacts on Research
Encouraging oppnet research
1)
Building our oppnet research team at WMU
4 professors, 2 Ph.D. students (incl. a Ph.D. dissertation), other students
2 high-tech companies specializing in EPR products
2)
3)
© Leszek T. Lilien 2006
Sept. 2006
From Ann Arbor - Michigan’s equivalent of the Sillicon Valley
Summer 2006: 1 more Ph.D. student, ≥ 1 M.S. students
Fall 2006: many student projects
Initiating research collaboration with researchers outside of the
WMU
Encouraging independent oppnet research
Applying for state, NSF, and other funding for Ph.D.
students and other students, post docs, and visiting faculty
Dissemination of research results and products:
Presentations: publications, seminars, poster sessions
A dedicated web site
Public availability of the oppnet prototype, tools & data
35
4) Impacts on Education
Impact on students
For project participants: hands-on training on the
B.S./M.S./Ph.D levels
For others: course enhancements / course projects /
seminars
© Leszek T. Lilien 2006
Sept. 2006
Oppnet prototype used for lab experiments
Outreach activities
Including K-12 demos for underrepresented minorities
All activities will broaden the America’s talent pool in critical
technologies and applications
Training more minority & female students at all levels
36
© Leszek T. Lilien 2006
This page left blank intentionally.
Sept. 2006
37
Part 6. Current and Future Work
Building an oppnet prototype
Goal: Proof of concept
To demonstrate technical prowess & economic benefits
Designing oppnet architecture
With its associated components:
Oppnet prototype implementation
© Leszek T. Lilien 2006
For stimulation and feedback
Sept. 2006
Methods, protocols, and algorithms
Necessary for fine-tuning oppnet design
Technology transfer & commercialization
Mentioned above
38
More Details of Oppnet Prototyping
Building state-of-the-art lab facilities
Constructing an oppnet prototype in the lab
© Leszek T. Lilien 2006
Sept. 2006
Developing performance analysis tools to support testing &
fine-tuning activities
Extending the prototype to include living-laboratory
resources available in our sensor- & computer-rich building
Testing the prototype within the living laboratory
For fine-tuning design & implementation
Obtaining external assessment of the prototype
From computer & homeland security labs in MI, IN, IL
39
Search for Other Oppnet Applications
© Leszek T. Lilien 2006
Sept. 2006
Search for oppnet utilization in all kinds of application areas
Search for applications that ...
... can start with a seed
... need high interoperability
... need highly heterogeneous software
... can benefit from leveraging diverse resources of
helpers
... can maintain persistent connectivity once it is
established
...
Welcome collaboration or independent contributions
Seeking funding that will allow to fund:
Ph.D. students (dissertations on oppnets)
Post docs (e.g., 3-12 months)
Visiting faculty (e.g., 1-6 months)
40
Publications on Oppnets
(intensive work on oppnets started in our WiSe Lab in December 2005)
1.
2.
Leszek Lilien and Ajay Gupta, ” Opportunistic Networks for Emergency
Preparedness and Response” (submitted for publication).
Leszek Lilien, Z. Huma Kamal, and Ajay Gupta, "Opportunistic Networks:
Research Challenges in Specializing the P2P Paradigm,” Proc. 3rd
International Workshop on P2P Data Management, Security and Trust
(PDMST’06), Kraków, Poland, September 2006 (to appear)
3.
© Leszek T. Lilien 2006
4.
Leszek Lilien, “Developing Specialized Ad Hoc Networks: The Case of
Opportunistic Networks,” Proc. Workshop on Distributed Systems and
Networks at the WWIC 2006 Conference, Bern, Switzerland, May 2006
(invited paper, proceedings to appear).
Leszek Lilien, Z. Huma Kamal, Vijay Bhuse and Ajay Gupta,
"Opportunistic Networks: The Concept and Research Challenges in
Privacy and Security,” Proc. International Workshop on Research
Challenges in Security and Privacy for Mobile and Wireless Networks
(WSPWN 2006), Miami, Florida, March 2006.
5.
Sept. 2006
B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, “Pervasive Trust,”
IEEE Intelligent Systems, vol. 19(5), Sep./Oct.2004, pp. 74-77 (first brief
mention of the oppnet idea, in the form of malevolent opportunistic
sensor networks).
41
Selected WiSe Lab Publications on Privacy, Trust,
Security, Pervasive Computing & Sensornets
1.
2.
3.
4.
5.
6.
7.
8.
9.
© Leszek T. Lilien 2006
10.
11.
12.
13.
14.
15.
Sept. 2006
V. Bhuse, A. Gupta, and L. Lilien, "Research challenges in lightweight intrusion detection for sensornets" (submitted for
publication).
L. Lilien and B. Bhargava, ”A Scheme for Privacy-preserving Data Dissemination,” IEEE Transactions on Systems, Man and
Cybernetics (to appear).
T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power Efficient Algorithms for Computing Fast Fourier Transform over Wireless
Sensor Networks," Proc. Fourth ACS/IEEE Conference on Computer Systems and Applications, Dubai, UAE, March 2006.
V. Bhuse, A. Gupta and L. Lilien, "DPDSN: Detection of packet-dropping attacks for wireless sensor networks," Proc.
4th International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Goa, India,
December 2005.
A. Gupta and V. Bhuse, “Anomaly Intrusion Detection in Wireless Sensor Networks," Journal of High Speed Networks, vol. 15, issue
1, January-March 2006.
M. Terwilliger, A. Gupta, A. Khokhar and G. Greenwood, "Localization using Evolution Strategies in Sensornets," Proc. IEEE
Congress on Evolutionary Computation, Edinburgh, UK, September 2005.
V. Bhuse, A. Gupta, M. Terwilliger, Z. Yang and Z. Kamal, "Using Routing Data for Information Authentication in Sensor Networks,"
Proc. 3rd International Trusted Internet Workshop (TIW), International Conference on High Performance Computing, Bangalore,
India, December 2004.
T. Canli, M. Terwilliger, A. Gupta and A. Khokhar, "Power-Time Efficient Algorithm for Computing FFT in Sensor Networks,"
(Extended Abstract). Proc. Second ACM Conference on Embedded Networked Sensor Systems (SenSys), Baltimore, Maryland,
November 2004.
B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, “Pervasive Trust,” IEEE Intelligent Systems, vol. 19(5), Sep./Oct.2004, pp. 7477.
B. Bhargava and L. Lilien, “Private and Trusted Collaborations,” Proc. Secure Knowledge Management (SKM 2004): A Workshop,
Amherst, NY, Sep. 2004.
M. Jenamani, L. Lilien, and B. Bhargava, “Anonymizing Web Services Through a Club Mechanism with Economic Incentives,” Proc.
International Conference on Web Services (ICWS 2004), San Diego, California, July 2004, pp. 792-795.
Z. Kamal, M. Salahuddin, A. Gupta, M. Terwilliger, V. Bhuse and B. Beckmann, "Analytical Analysis of Data and Decision Fusion in
Sensor Networks," Proc. 2004 International Conference on Embedded Systems and Applications. Las Vegas, June 2004.
M. Terwilliger, A. Gupta, V. Bhuse, Z. Kamal, and M. Salahuddin, "A Localization System Using Wireless Sensor Networks: A
Comparison of Two Techniques," Proc. 2004 Workshop on Positioning, Navigation and Communication, Hanover, Germany, March
2004 , pp. 95-100.
V. Bhuse, A. Gupta and R. Pidva, "A Distributed Approach to Security in Sensornets," Proc. 58th IEEE Semiannual Vehicular
Technology Conference, Orlando, Florida, USA, October 2003.
L. Lilien, “Developing Pervasive Trust Paradigm for Authentication and Authorization,” Proc. Third Cracow Grid Workshop (CGW’03),
Kraków (Cracow), Poland, October 2003, pp. 42-49 (invited paper).
42
WiSe Lab Experience in Sensornets –
Selected Projects Since January 2003
NOTE: Results directly useful for oppnets are marked with an asterisk (*)
© Leszek T. Lilien 2006
Sept. 2006
Designing of WiSe Security Protocols: DSPS
Location Tracker Using Motes (*)
RHS: Remote Home Surveillance (*)
Directed Diffusion: Attacks & Countermeasures
Improving the Accuracy of Mote Measurements
by Using Neural Networks
SOMS: Smart Occupancy Monitoring System Using Motes (*)
Comparative Study of Network Simulators
Collaborative Image Processing (*)
DENSe: a Development Environment for Networked Sensors
Incorporating Mobile-ware in Distributed Computations / Grids (*)
Extending the ns-2 Simulator to Satellite and WCN Simulations
Smart Antennas for WCNs
Energy Efficient MAC Protocols for IEEE 802.11x
A Wireless Security Testing System (*)
Mobile and Self-Calibrating Irrigation System
Collective Communications for Sensornets (*)
43
© Leszek T. Lilien 2006
Thank you very much
for your time and attention!
Sept. 2006