TRUST, Washington, D.C. Meeting January 9–10, 2006
Securing Public Spaces with Sensor Networks: Science, Technology, and Privacy
Stephen Wicker
Cornell University
TRUST Activity
TRUST is engaged in the development of embedded secure sensor networks
– Integrated center R&D at all levels
    Sensor Technology
    Networks
    Applications
    Policy/Legal Issues
Activity at several member schools and Oak Ridge is being merged into capstone projects
– Goal: Demonstration technologies and implemented policies
Sensors for Bio-Defense
Bi-layer lipid membrane used to create designer bio-sensors
– When target analyte binds to protein, ion channel conductivity increases.
Currently considering use in water supply protection.
Sensor performance statistics used to define networking requirements.
Outside Player: NY Dept of Health/Wadsworth Laboratories
[Figure labels: cis compartment; trans compartment; lipid bilayer; ion channel; metallic gate]
Long-Term Power Sources for Embedded Sensors
Radiation-powered batteries for embedded sensor platforms
– Radio-isotopes have the possibility of a 50 year life with a continuous power density of 1-10ma/cm³.
SiC based beta-voltaic cell has been developed and tested.
Best measured power density for Ni-63 source 5.6nW/cm² with 4.4% efficiency.
Best measured power density for tritium source ~1µW/cm² with 10% efficiency.
Sensor Platform Technologies
CU Asynchronous Processor
– Event-driven execution is ideal for sensor platforms
Clockless logic
– Spurious signal transitions (wasted power) eliminated
– Hardware only active if it is used for the computation
MIPS: high-performance
– 24pJ/ins and 28 MIPS @ 0.6V
Processor    Bus  Year   E/op      Ops/sec
Atmel        8    200?   1-4 nJ    4 MIPS
StrongARM    32   200?   1.9 nJ    130 MIPS
MiniMIPS     32   1998   2.3 nJ*   22 MIPS
Amulet3i     32   2000   1.6 nJ*   80 MIPS
80C51 (P)    8    1998   1 nJ**    4 MIPS
Lutonium     8    2003   43 pJ     4 MIPS
SNAP         16   2003   24 pJ     28 MIPS
Designer OS for Sensor Networks
TinyOS
– Large, active open source community: 500 research groups worldwide
– OEP for DARPA Network Embedded Systems Technology
– Thousands of active implementations - the world’s largest (distributed) sensor testbed
MagnetOS: Provide a unifying single-system image abstraction
– The entire network looks like a single Java virtual machine
– MagnetOS performs automatic partitioning
    Converts applications into distributed components that communicate over a network
– MagnetOS provides transparent component migration
    Moves application components within the network to improve performance metrics
[Figure label: MagnetOS Rewriter]
Sextant: Node Localization
Use of large numbers of randomly distributed nodes creates need to discover geographic location
– GPS is bulky, expensive, power-hungry
Set up a set of geographic constraints and solve it in a distributed fashion
– Aggressively extract constraints
– Use just a few landmarks (e.g. GPS nodes) to anchor the constraints
Can determine node location with good accuracy, without GPS or other dedicated hardware
SHARP: Hybrid Routing Protocol
Two extremes in routing
– Proactive: disseminate routes regardless of need
– Reactive: discover routes when necessary
Neither is optimal for dynamic sensor networks
SHARP adaptively finds the balance point between reactive and proactive routing
– Enables multiple nodes in the network to optimize the routing layer for different metrics
– Outperforms purely reactive and proactive approaches across a range of network conditions
Self-Configuration at all Levels
Motivations for Game Theory/Mechanism Design
– Efficiency: ability of market-based distributed control mechanisms to move complex networks toward optimal operating points.
– Scalability: distributed decision-making inherent in market settings.
    Interaction and decisions are local, obviating the need for a global perspective (which is both memory- and computationally-intensive).
Critical Tools: Equilibrium concepts, utility-based decision making, and bargaining.
ECE, CS, and Economics at several schools
Securing the Sensor Network
Key Thrust at CMU
– Secure building blocks
    Secure key distribution
    Secure node-to-node and broadcast communication
    Secure routing
    Secure information aggregation
– Real-time aspects and security
– Secure middleware
– Secure information processing
– Sensing biometrics
– Sensor database processing
– Internet-scale sensor networks
Application: Security in Public Spaces
July 2005 London bombings highlight need for sensors in public places
– Also the extent of ongoing surveillance
– See also Tokyo gas attacks, etc.
More modern infrastructure in most US urban settings creates opportunities.
Sensor Networks in Public Places
Protecting Infrastructure
– Opportunities for embedding sensor networks
    Transportation
    Storage and Delivery of Water and Fuel
    Power Grid
– TRUST is emphasizing development of supporting technology for randomly distributed sensors
Buildings
– Combine surveillance with energy control
– Integrate into building materials
Open Spaces (parks, plazas, etc.)
– Combine surveillance with environmental monitoring
– Line-of-sight surveillance technologies
Oak Ridge/SensorNet
[Figure labels: Network Services; Single Domain; Multiple Domains; Regional Level; National Warning and Alert System]
Transportation Based Threat Assessment Demonstration
Trucks can by-pass
Mobile system under development
– Rapidly Deployable
– Low profile
– Integrated into Law Enforcement
Establish truck RAD profile
Predict manifest RAD profile
Fuse external data sources
Compare with past scans
Determine if acceptable
Privacy Issues Arise*…
Technology leaves policy behind
– Internet-controllable cameras in Berkeley plaza
– Kyllo case
Many sensor networks collect personally identifiable information (PII)
– (Intended) Monitoring activities of the elderly so they can safely live at home
– Network of highway monitors that can sense FasTrak transponders in automobiles
– (Unintended) - Sensing persons in buildings as part of embedded sensing for disaster preparedness or light savings
Comprehensive information privacy regulations in EU and other countries, but not in US
*Thanks to P. Samuelson, D. Mulligan, Boalt School of Law
Constitutional Boundaries?
US v. Miller: persons have no protectable privacy interest in data about them held by third parties
– e.g., images of personal checks held by banking institutions
– sensor network data will be in hands of others
Kyllo v. US: use of heat-sensing technology violated 4th A. (5-4 decision)
– "[w]here, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant."
    Justice Scalia
– "observations were made with a fairly primitive thermal imager that gathered data exposed on the outside of [Kyllo's] home but did not invade any constitutionally protected interest in privacy," and were, thus, "information in the public domain."
    Justice Stevens, in dissent
Policy Development
Extend Fair Information Practices
– Limitations on collection of data (only get what you need); destroy data after need is fulfilled
– Right to collect data for specific purpose only (if want to reuse for other purpose, you have to get new permission)
– Notice of data collection/purpose and consent
– Obligations to keep data accurate, secure
– Subject has right of access to check data accuracy, insist on changes
– Accountability if data is incorrect or disclosed
TRUST Capstone Projects
Integrate Science, Technology, and Policy
– Oak Ridge SensorNet Project
    Balancing security against privacy
    Issues: Limiting acuity to meet security needs only
– Remote Sensing/Medical Portal Project
    Remote monitoring of cardiac patients
    Issues: Privacy-aware transport, variable levels of access
– Museum Project
    Expressive AI projects using sensors to monitor patrons at public demonstrations
    Issues: Minimization of acuity, single-use, notification
Policy Development
– Cross-cutting effort to refine best practices in light of new and future sensor technologies.
Security Thrusts
Develop Taxonomy of Attacks
– Attacks with and without defined defenses
– Generic basis on which to evaluate new networks
Characterizing Worst-Case Results
– Statistical learning proposed as a means for determining what can be inferred from data
– One basis for evaluating privacy concerns
    Ties into privacy road map
Privacy Thrusts
Noted that policy instruments lag technology development
Proposed development of Privacy Road Map that will frontload policy development
– Map sensor capabilities and network mission into deployment and data use rules
– Key near-term: RFIDs, broad-based visual surveillance
– Raises issue of impact of network configuration and heterogeneity on road map
Approach: Extend fair information practices to cover sensor nets at regulatory or legislative level
– Consent enablement is an important issue