
TRUST, Washington, D.C. Meeting January 9–10, 2006

Securing Public Spaces with Sensor Networks: Science, Technology, and Privacy

Stephen Wicker

Cornell University

TRUST Activity

TRUST is engaged in the development of embedded secure sensor networks
– Integrated center R&D at all levels: sensor technology, networks, applications, policy/legal issues

Activity at several member schools and Oak Ridge is being merged into capstone projects
– Goal: demonstration technologies and implemented policies


Sensor Technology - The Mote

Sensors for Bio-Defense

Bi-layer lipid membrane used to create designer bio-sensors
– When target analyte binds to protein, ion channel conductivity increases.

Currently considering use in water supply protection.

Sensor performance statistics used to define networking requirements.

Outside Player: NY Dept of Health / Wadsworth Laboratories

[Figure: bi-layer lipid membrane sensor. Labels: cis compartment, trans compartment, lipid bilayer, ion channel, metallic gate]

Long-Term Power Sources for Embedded Sensors

Radiation-powered batteries for embedded sensor platforms
– Radio-isotopes have the possibility of a 50 year life with a continuous power density of 1-10ma/cm3.

SiC based beta-voltaic cell has been developed and tested.
– Best measured power density for Ni-63 source: 5.6 nW/cm2 with 4.4% efficiency.
– Best measured power density for tritium source: ~1 uW/cm2 with 10% efficiency.

Sensor Platform Technologies

CU Asynchronous Processor
– Event-driven execution is ideal for sensor platforms
– Clockless logic: spurious signal transitions (wasted power) eliminated; hardware only active if it is used for the computation
– High performance: 24 pJ/instruction and 28 MIPS @ 0.6 V

Processor    Bus  Year  E/op     Ops/sec
Atmel        8    200?  1-4 nJ   4 MIPS
StrongARM    32   200?  1.9 nJ   130 MIPS
MiniMIPS     32   1998  2.3 nJ*  22 MIPS
Amulet3i     32   2000  1.6 nJ*  80 MIPS
80C51 (P)    8    1998  1 nJ**   4 MIPS
Lutonium     8    2003  43 pJ    4 MIPS
SNAP         16   2003  24 pJ    28 MIPS

Designer OS for Sensor Networks

TinyOS
– Large, active open source community: 500 research groups worldwide
– OEP for DARPA Network Embedded Systems Technology
– Thousands of active implementations: the world's largest (distributed) sensor testbed

MagnetOS: provides a unifying single-system image abstraction
– The entire network looks like a single Java virtual machine
– MagnetOS performs automatic partitioning: converts applications into distributed components that communicate over a network
– MagnetOS provides transparent component migration: moves application components within the network to improve performance metrics

[Figure: MagnetOS rewriter]

Sextant: Node Localization

Use of large numbers of randomly distributed nodes creates need to discover geographic location
– GPS is bulky, expensive, power-hungry

Set up a set of geographic constraints and solve it in a distributed fashion
– Aggressively extract constraints
– Use just a few landmarks (e.g. GPS nodes) to anchor the constraints

Can determine node location with good accuracy, without GPS or other dedicated hardware
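The constraint-based localization described on this slide, as an added example that is not Sextant's own code or Cornell's: a centralized, grid-sampled toy that keeps only the core idea (hearing a landmark's beacon bounds a node to that landmark's radio disk; not hearing one excludes the disk), intersects the constraints, and reports the centroid of what remains together with an uncertainty radius. The four landmark positions, the 7-unit radio range, the 10 x 10 field and the node positions are constructed; the real Sextant work solves the constraints distributedly with region arithmetic, which this toy does not attempt.

```python
"""Constraint-based node localization without GPS (toy version, added example).

Positive constraint: a node that hears landmark L lies within L's radio range.
Negative constraint: a node that cannot hear L lies outside that range.
The feasible region is the intersection of all such constraints; the node's
position estimate is the region's centroid and its radius is the uncertainty.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Point = Tuple[float, float]

# Constructed deployment: four GPS-equipped landmarks at the corners of a
# 10 x 10 field; every node is assumed to have the same nominal radio range.
LANDMARKS: Dict[str, Point] = {
    "A": (0.0, 0.0), "B": (10.0, 0.0), "C": (0.0, 10.0), "D": (10.0, 10.0)}
RADIO_RANGE = 7.0
AREA = (0.0, 10.0, 0.0, 10.0)  # xmin, xmax, ymin, ymax of the field


@dataclass
class Estimate:
    position: Point  # centroid of the feasible region
    radius: float    # largest distance from the centroid to a feasible point
    cells: int       # grid points that satisfied every constraint


def consistent(p: Point, landmarks: Dict[str, Point], heard: Set[str],
               radio_range: float) -> bool:
    """True if candidate position p satisfies every positive and negative constraint."""
    for name, pos in landmarks.items():
        within = math.dist(p, pos) <= radio_range
        if within != (name in heard):
            return False
    return True


def feasible_region(landmarks: Dict[str, Point], heard: Set[str], radio_range: float,
                    area: Tuple[float, float, float, float], step: float = 0.25) -> List[Point]:
    """Grid-sample the field and keep the points consistent with all constraints."""
    xmin, xmax, ymin, ymax = area
    nx, ny = round((xmax - xmin) / step), round((ymax - ymin) / step)
    return [(xmin + i * step, ymin + j * step)
            for i in range(nx + 1) for j in range(ny + 1)
            if consistent((xmin + i * step, ymin + j * step), landmarks, heard, radio_range)]


def estimate_position(landmarks, heard, radio_range, area, step=0.25) -> Optional[Estimate]:
    """Centroid of the feasible region, or None when the constraints contradict
    each other (e.g. a node claims to hear two landmarks more than 2*range apart)."""
    region = feasible_region(landmarks, heard, radio_range, area, step)
    if not region:
        return None
    cx = sum(x for x, _ in region) / len(region)
    cy = sum(y for _, y in region) / len(region)
    radius = max(math.dist((cx, cy), p) for p in region)
    return Estimate((cx, cy), radius, len(region))


def landmarks_heard(true_pos: Point, landmarks: Dict[str, Point], radio_range: float) -> Set[str]:
    """Simulation helper: the landmarks a node at true_pos would receive beacons from."""
    return {n for n, pos in landmarks.items() if math.dist(true_pos, pos) <= radio_range}


def localize(true_pos: Point) -> Optional[Estimate]:
    """Simulate a node at true_pos and estimate its position from beacons alone."""
    heard = landmarks_heard(true_pos, LANDMARKS, RADIO_RANGE)
    return estimate_position(LANDMARKS, heard, RADIO_RANGE, AREA)


def position_error(est: Estimate, true_pos: Point) -> float:
    return math.dist(est.position, true_pos)


if __name__ == "__main__":
    for node in [(2.0, 2.0), (5.0, 1.0)]:
        est = localize(node)
        print(node, "->", est.position, "error %.2f, uncertainty radius %.2f"
              % (position_error(est, node), est.radius))
```

The uncertainty radius is the honest part of the output: a node that hears only one landmark is pinned to a corner region several units across, while a node hearing two landmarks lands on the axis of symmetry between them. A node whose reported beacon set is physically impossible yields an empty region, which is also the check a defender would want before trusting a self-reported neighbourhood.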

SHARP: Hybrid Routing Protocol

Two extremes in routing
– Proactive: disseminate routes regardless of need
– Reactive: discover routes when necessary

Neither is optimal for dynamic sensor networks

SHARP adaptively finds the balance point between reactive and proactive routing
– Enables multiple nodes in the network to optimize the routing layer for different metrics
– Outperforms purely reactive and proactive approaches across a range of network conditions

Self-Configuration at all Levels

Motivations for Game Theory/Mechanism Design
– Efficiency: ability of market-based distributed control mechanisms to move complex networks toward optimal operating points.
– Scalability: distributed decision-making inherent in market settings. Interaction and decisions are local, obviating the need for a global perspective (which is both memory- and computationally-intensive).

Critical Tools: Equilibrium concepts, utility-based decision making, and bargaining.

ECE, CS, and Economics at several schools

Securing the Sensor Network

Key Thrust at CMU
– Secure building blocks: secure key distribution; secure node-to-node and broadcast communication; secure routing; secure information aggregation
– Real-time aspects and security
– Secure middleware
– Secure information processing
– Sensing biometrics
– Sensor database processing
– Internet-scale sensor networks
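Three of the "secure building blocks" on this slide (key distribution, authenticated node-to-node communication, information aggregation), as an added example that is my own and not CMU's or any TRUST project's code: a base station holds a master key, each node is provisioned at deployment with a key derived from it (one common key pre-distribution pattern), every reading carries a per-node counter and a truncated HMAC-SHA256 tag, and the aggregator authenticates and de-duplicates readings before it sums them. The master key, node IDs, readings and the text wire format are all constructed for the demonstration.

```python
"""Authenticated sensor readings and verified-before-aggregation (added example).

Building blocks shown: per-node key derivation from a base-station master key,
node-to-node message authentication with replay protection, and information
aggregation that only counts readings whose tag verified.
"""
import hmac
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed demo master key; a real deployment would generate this at random
# and keep it only on the base station and in each node's provisioning step.
MASTER_KEY = b"constructed-demo-master-key-not-for-real-use"
TAG_LEN = 8  # truncated tag (64 bits) keeps packets small on constrained radios

Reading = Tuple[str, int, int]  # (node_id, counter, value)


def derive_node_key(master: bytes, node_id: str) -> bytes:
    """Per-node key K_node = HMAC-SHA256(master, "node-key|" + node_id).
    The base station can re-derive any node's key; a node holds only its own."""
    return hmac.new(master, b"node-key|" + node_id.encode(), hashlib.sha256).digest()


def make_reading(node_key: bytes, node_id: str, counter: int, value: int) -> bytes:
    """Node side: authenticate (node_id, counter, value) with a truncated HMAC tag."""
    payload = f"{node_id}|{counter}|{value}".encode()
    tag = hmac.new(node_key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + b"|" + tag.hex().encode()


def verify_reading(master: bytes, message: bytes,
                   last_counter: Dict[str, int]) -> Optional[Reading]:
    """Base-station side: returns the reading if the tag verifies under the node's
    derived key and the counter is fresh; None if forged, malformed or replayed."""
    try:
        node_id, counter_s, value_s, tag_hex = message.decode().split("|")
        counter, value = int(counter_s), int(value_s)
    except ValueError:  # UnicodeDecodeError is a ValueError too
        return None
    payload = f"{node_id}|{counter}|{value}".encode()
    expected = hmac.new(derive_node_key(master, node_id), payload,
                        hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected.hex(), tag_hex):
        return None
    if counter <= last_counter.get(node_id, -1):
        return None  # replayed or out-of-order: the counter must strictly increase
    last_counter[node_id] = counter
    return node_id, counter, value


def aggregate(master: bytes, messages: List[bytes]) -> Dict[str, int]:
    """Secure information aggregation: sum only authenticated, fresh readings."""
    seen: Dict[str, int] = {}
    accepted = rejected = total = 0
    for msg in messages:
        reading = verify_reading(master, msg, seen)
        if reading is None:
            rejected += 1
            continue
        accepted += 1
        total += reading[2]
    return {"accepted": accepted, "rejected": rejected, "total": total}


if __name__ == "__main__":
    k7, k9 = derive_node_key(MASTER_KEY, "n7"), derive_node_key(MASTER_KEY, "n9")
    traffic = [make_reading(k7, "n7", 1, 21), make_reading(k9, "n9", 1, 19),
               make_reading(k7, "n7", 2, 22)]
    traffic.append(traffic[0])  # replay of n7's first reading
    traffic.append(make_reading(k7, "n7", 3, 500).replace(b"|500|", b"|5|"))  # tampered value
    print(aggregate(MASTER_KEY, traffic))  # {'accepted': 3, 'rejected': 2, 'total': 62}
```

Two design points matter beyond the sum itself: the aggregator verifies before it aggregates, so a single forged or replayed packet cannot move the total, and the per-node counter gives replay protection without a clock on the node. What this toy leaves out is the hard part on real motes, namely how the derived key reaches the node and how a compromised node that holds a valid key is detected; those are exactly the "secure key distribution" and "secure aggregation" problems the slide names.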

Application: Security in Public Spaces

July 2005 London bombings highlight the need for sensors in public places
– Also the extent of ongoing surveillance
– See also Tokyo gas attacks, etc.

More modern infrastructure in most US urban settings creates opportunities.

Sensor Networks in Public Places

Protecting Infrastructure
– Opportunities for embedding sensor networks: transportation; storage and delivery of water and fuel; power grid
– TRUST is emphasizing development of supporting technology for randomly distributed sensors

Buildings
– Combine surveillance with energy control
– Integrate into building materials

Open Spaces (parks, plazas, etc.)
– Combine surveillance with environmental monitoring
– Line-of-sight surveillance technologies

Oak Ridge/SensorNet

[Figure: SensorNet architecture. Labels: Network Services; Single Domain; Multiple Domains; Regional Level; National Warning and Alert System]

Transportation Based Threat Assessment Demonstration

– Trucks can by-pass
– Mobile system under development: rapidly deployable, low profile, integrated into law enforcement

Establish truck RAD profile
Predict manifest RAD profile
Fuse external data sources
Compare with past scans
Determine if acceptable

Privacy Issues Arise*…

Technology leaves policy behind
– Internet-controllable cameras in Berkeley plaza
– Kyllo case

Many sensor networks collect personally identifiable information (PII)
– (Intended) Monitoring activities of the elderly so they can safely live at home
– Network of highway monitors that can sense FastTRAK transponders in automobiles
– (Unintended) Sensing persons in buildings as part of embedded sensing for disaster preparedness or light savings

Comprehensive information privacy regulations in EU and other countries, but not in US

*Thanks to P. Samuelson, D. Mulligan, Boalt School of Law

Constitutional Boundaries?

US v. Miller: persons have no protectable privacy interest in data about them held by third parties
– e.g., images of personal checks held by banking institutions
– sensor network data will be in hands of others

Kyllo v. US: use of heat-sensing technology violated the 4th Amendment (5-4 decision)
– "[w]here, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant." (Justice Scalia)
– "observations were made with a fairly primitive thermal imager that gathered data exposed on the outside of [Kyllo's] home but did not invade any constitutionally protected interest in privacy," and were, thus, "information in the public domain." (Justice Stevens, in dissent)

Policy Development

Extend Fair Information Practices
– Limitations on collection of data (only get what you need); destroy data after need is fulfilled
– Right to collect data for specific purpose only (if you want to reuse for another purpose, you have to get new permission)
– Notice of data collection/purpose and consent
– Obligations to keep data accurate, secure
– Subject has right of access to check data accuracy, insist on changes
– Accountability if data is incorrect or disclosed

TRUST Capstone Projects

Integrate Science, Technology, and Policy
– Oak Ridge SensorNet Project: balancing security against privacy. Issues: limiting acuity to meet security needs only
– Remote Sensing/Medical Portal Project: remote monitoring of cardiac patients. Issues: privacy-aware transport, variable levels of access
– Museum Project: expressive AI projects using sensors to monitor patrons at public demonstrations. Issues: minimization of acuity, single-use, notification

Policy Development
– Cross-cutting effort to refine best practices in light of new and future sensor technologies.
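The Fair Information Practices listed under Policy Development, together with the "limiting acuity" and "single-use" issues of the capstone projects above, as an added example that is my own and not part of any TRUST project: a small sensor-record store that refuses data for an undeclared purpose or without the subject's consent, coarsens location readings before storing them, returns records for a second purpose only where the subject consented to that purpose too, destroys records when their retention period ends, lets subjects list and correct their own records, and logs refusals, purges and corrections for accountability. Purposes, retention periods, subjects and readings are constructed; timestamps are plain seconds so the block has no dependencies.

```python
"""A sensor-data store that enforces Fair Information Practices (added example).

Collection limitation : only declared purposes, only acuity-limited values
Purpose limitation    : reuse for a second purpose needs the subject's consent for it
Notice and consent    : nothing is stored without the subject's consent for that purpose
Retention             : records expire and are destroyed when the purpose is fulfilled
Subject access        : subjects can list and correct their own records
Accountability        : every refusal, purge and correction is logged
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Point = Tuple[float, float]


def coarsen_location(point: Point, cell_size: float) -> Point:
    """Acuity limitation: reduce a precise position to the centre of its grid cell,
    so the store never holds more resolution than the stated purpose needs."""
    cx = math.floor(point[0] / cell_size) * cell_size + cell_size / 2
    cy = math.floor(point[1] / cell_size) * cell_size + cell_size / 2
    return (cx, cy)


class PurposeViolation(Exception):
    """Raised when data is offered or requested for a purpose that was never declared."""


@dataclass
class Record:
    rid: int
    subject: str
    purpose: str
    value: object
    collected_at: float  # seconds; plain numbers keep the example self-contained
    expires_at: float


class PrivacyAwareStore:
    def __init__(self, purposes: Dict[str, float]):
        self.purposes = purposes                 # declared purpose -> retention (seconds)
        self.records: List[Record] = []
        self.consent: Dict[str, Set[str]] = {}   # subject -> purposes consented to
        self.audit: List[str] = []
        self._next_rid = 1

    def give_consent(self, subject: str, purpose: str) -> None:
        """Notice and consent: recorded per subject and per purpose."""
        self._check_declared(purpose)
        self.consent.setdefault(subject, set()).add(purpose)

    def collect(self, subject: str, purpose: str, value: object, now: float) -> Optional[Record]:
        """Store a reading only for a declared purpose the subject consented to."""
        self._check_declared(purpose)
        if purpose not in self.consent.get(subject, ()):
            self.audit.append(f"{now}: refused {purpose} data for {subject} (no consent)")
            return None
        rec = Record(self._next_rid, subject, purpose, value, now, now + self.purposes[purpose])
        self._next_rid += 1
        self.records.append(rec)
        return rec

    def query(self, purpose: str, now: float) -> List[Record]:
        """Purpose limitation: a record collected for purpose P is returned for
        purpose Q only if the subject has separately consented to Q."""
        self._check_declared(purpose)
        self.purge(now)
        return [r for r in self.records
                if r.purpose == purpose or purpose in self.consent.get(r.subject, ())]

    def purge(self, now: float) -> int:
        """Destroy records whose retention period has ended; returns how many."""
        expired = [r for r in self.records if r.expires_at <= now]
        for r in expired:
            self.audit.append(f"{now}: purged record {r.rid} ({r.purpose}, {r.subject})")
        self.records = [r for r in self.records if r.expires_at > now]
        return len(expired)

    def subject_access(self, subject: str) -> List[Record]:
        """Right of access: everything the store currently holds about one subject."""
        return [r for r in self.records if r.subject == subject]

    def correct(self, subject: str, rid: int, new_value: object, now: float) -> bool:
        """Right to insist on changes: only the subject of a record may correct it."""
        for r in self.records:
            if r.rid == rid and r.subject == subject:
                self.audit.append(f"{now}: record {rid} corrected by {subject}: "
                                  f"{r.value!r} -> {new_value!r}")
                r.value = new_value
                return True
        return False

    def _check_declared(self, purpose: str) -> None:
        if purpose not in self.purposes:
            raise PurposeViolation(f"undeclared purpose: {purpose}")


if __name__ == "__main__":
    DAY = 86400.0
    store = PrivacyAwareStore({"intrusion-detection": 7 * DAY, "energy-control": 1 * DAY})
    store.give_consent("visitor-1", "intrusion-detection")
    rec = store.collect("visitor-1", "intrusion-detection", coarsen_location((3.7, 8.2), 5.0), 0.0)
    print(rec)                                              # value coarsened to (2.5, 7.5)
    print(store.query("energy-control", 0.0))               # [] : no consent for that purpose
    print(store.query("intrusion-detection", 8 * DAY))      # [] : expired and purged
    print(store.audit)
```

The point of coarsening at collection time rather than at query time is that a breach of the store, or a later change of purpose, cannot recover the precision that was never kept; that is what "limiting acuity to meet security needs only" buys in practice. The retention check runs inside every query so that an expired record cannot be read even if nobody scheduled a separate purge.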

Security Thrusts

Develop Taxonomy of Attacks
– Attacks with and without defined defenses
– Generic basis on which to evaluate new networks

Characterizing Worst-Case Results
– Statistical learning proposed as a means for determining what can be inferred from data
– One basis for evaluating privacy concerns

Ties into privacy road map

Privacy Thrusts

Noted that policy instruments lag technology development

Proposed development of Privacy Road Map that will frontload policy development
– Map sensor capabilities and network mission into deployment and data use rules
– Key near-term: RFIDs, broad-based visual surveillance
– Raises issue of impact of network configuration and heterogeneity on road map

Approach: Extend fair information practices to cover sensor nets at regulatory or legislative level
– Consent enablement is an important issue