research-article

Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems

Authors:

Nirupama Bulusu,

Wen HuAuthors Info & Claims

ACM Transactions on Embedded Computing Systems (TECS), Volume 13, Issue 5s

Article No.: 154, Pages 1 - 19

https://doi.org/10.1145/2629338

Published: 06 October 2014 Publication History

Abstract

Crowd-sourced mobile embedded systems allow people to contribute sensor data, for critical applications, including transportation, emergency response and eHealth. Data integrity becomes imperative as malicious participants can launch software and Sybil attacks modifying the sensing platform and data. To address these attacks, we develop (1) a Trusted Sensing Peripheral (TSP) enabling collection of high-integrity raw or aggregated data, and participation in applications requiring additional modalities; and (2) a Secure Tasking and Aggregation Protocol (STAP) enabling aggregation of TSP trusted readings by untrusted intermediaries, while efficiently detecting fabricators. Evaluations demonstrate that TSP and STAP are practical and energy-efficient.

References

[1]

Advanced Micro Devices. SVM: AMD's virtualization technology. www.xen.org/files/xs0106_amd_virtualization.pdf.

[2]

E. Agapie, G. Chen, and D. Houston et al. 2008. Seeing our signals: Combining location traces and Web-based models for personal discovery. In Proceedings of ACM HotMobile. 6--10.

Digital Library

[3]

B. An, F. Ordez, M. Tambe, E. Shieh, R. Yang, C. Baldwin, J. DiRenzo, K. Moretti, B. Maule, and G. Meyer. 2013. A deployed quantal response-based patrol planning system for the U.S. Coast Guard. Interfaces 43, 5, 400--420.

Digital Library

[4]

R. Anderson. 2003. ‘Trusted Computing’ frequently asked questions. http://www.cl.cam.ac.uk/~rja14/tcpa- faq.html.

[5]

Atmel Corporation. The Atmel trusted platform module. www.atmel.com/dyn/resources/prod_documents/doc5128.pdf.

[6]

N. Baughman and B. Levine. 2001. Cheat-proof playout for centralized and distributed online games. In Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM).

[7]

Bluetooth Special Interest Group. 2009. Core version 3.0 + HS. https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx&quest;doc_id=174214.

[8]

J. Burke, D. Estrin, M. Hansen, A. Parker, N. Ramanathan, S. Reddy, and M. Srivastava. 2006. Participatory sensing. In Proceedings of the ACM Sensys Workshop on World-Sensor-Web.

[9]

D. Chaum, I. Damgård, and J. van de Graaf. 1987. Multiparty computations ensuring privacy of each party's input and correctness of the result. In Advances in Cryptology, Springer, 87--119.

Digital Library

[10]

CNN. CNN iReport - Share your story, discuss the issues with CNN.com. http://www.ireport.com/.

[11]

P. Denantes, F. Bénézit, P. Thiran, and M. Vetterli. 2008. Which distributed averaging algorithm should I choose for my sensor network&quest; In Proceedings of the 27th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies (INFOCOM). 986--994.

[12]

R. Dingledine, N. Mathewson, and P. Syverson. 2004. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium.

Digital Library

[13]

J. Douceur. 2002. The Sybil attack. In Proceedings of the IPTPS Workshop.

Digital Library

[14]

A. Dua, N. Bulusu, W. Feng, and W. Hu. 2009. Towards trustworthy participatory sensing. In Proceedings of the 4th USENIX Workshop on Hot Topics in Security (HotSec).

Digital Library

[15]

S. Eisenman, E. Miluzzo, N. Lane, R. Peterson, G. Ahn, and A. Campbell. 2007. TheBikeNet mobile sensing system for cyclist experience mapping. In Proceedings of the 5th International Conference on Embedded Networked Sensor Systems. ACM, 87--101.

Digital Library

[16]

A. Francillon and C. Castelluccia. 2008. Code injection attacks on Harvard-architecture devices. In Proceedings of the 15th ACM Conference on Computer and Communications Security. 15--26.

Digital Library

[17]

S. Ganeriwal, L. Balzano, and M. Srivastava. 2008. Reputation-based framework for high integrity sensor networks. ACM Trans. Sens. Netw. 4, 3.

Digital Library

[18]

T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. 2003. Terra: A virtual machine-based platform for trusted computing. ACM SIGOPS Oper. Syst. Rev. 37, 5, 206.

Digital Library

[19]

P. Gilbert, J. Jung, K. Lee, H. Qin, D. Sharkey, A. Sheth, and L. P. Cox. 2011. Youprove: authenticity and fidelity in mobile sensing. In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys). 176--189.

Digital Library

[20]

K. Higgins. 2010. Smartphone Weather App Builds a Mobile Botnet. http://www.darkreading. com/insiderthreat/security/client/showArticle.jhtml&quest;articleID=223200001.

[21]

W. Hu, P. Corke, W. C. Shih, and L. Overs. 2009. secFleck: A public key technology platform for wireless sensor networks. In Proceedings of EWSN. 296--311.

Digital Library

[22]

B. Hull, V. Bychkovsky, Y. Zhang, K. Chen, M. Goraczko, A. Miu, E. Shih, H. Balakrishnan, and S. Madden. 2006. Cartel: A distributed mobile sensor computing system. In Proceedings of ACM SenSys. 125--138.

Digital Library

[23]

Intel Corporation. Intel trusted execution technology. http://www.intel.com/technology/security/.

[24]

A. Kapadia, N. Triandopoulos, C. Cornelius, D. Peebles, and D. Kotz. 2008. Anony- Sense: Opportunistic and privacy-preserving context collection. In Lecture Notes in Computer Science, vol. 5013, 280.

Digital Library

[25]

D. Korzhyk, Z. Yin, C. Kiekintveld, V. Conitzer, and M. Tambe. 2011. Stackelberg vs Nash in security games: An extended investigation of interchangeability, equivalence, and uniqueness. J. Artif. Int. Res. 41, 2, 297--327.

Digital Library

[26]

N. Lathia, K. K. Rachuri, C. Mascolo, and P. J. Rentfrow. 2013. Contextual dissonance: Design bias in sensor-based experience sampling methods. In Proceedings of the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp). 183--192.

Digital Library

[27]

J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. 2008. Flicker: An execution infrastructure for TCB minimization. In Proceedings of ACM SIGOPS/EuroSys. 315--328.

Digital Library

[28]

S. Nath, J. Liu, J. Miller, F. Zhao, and A. Santanche. 2006. SensorMap: A Web site for sensors world-wide. In Proceedings of ACM SenSys. 373--374.

Digital Library

[29]

openssl.org. Openssl: The open source toolkit for ssl/tls. http://www.openssl.org/.

[30]

J. Padgette, K. Scarfone, and L. Chen. 2012. Guide to Bluetooth Security. http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf.

[31]

E. Paulos, I. Smith, and R. Honicky. Participatory urbanism. http://www.urban-atmospheres.net/ParticipatoryUrbanism/index.html.

[32]

R. A. Popa, H. Balakrishnan, and A. J. Blumberg. 2009. Vpriv: Protecting privacy in location-based vehicular services. In Proceedings of the USENIX Security Symposium. 335--350.

Digital Library

[33]

B. Przydatek, D. Song, and A. Perrig. 2003. SIA: Secure Information Aggregation in Sensor Networks. In Proceedings of ACM SenSys. 255--265.

Digital Library

[34]

V. Rastogi and S. Nath. 2010. Differentially private aggregation of distributed time-series with transformation and encryption. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 735--746.

Digital Library

[35]

S. Reddy, A. Parker, J. Hyman, J. Burke, D. Estrin, and M. Hansen. 2007. Image browsing, processing, and clustering for participatory sensing: Lessons from a DietSense prototype. In Proceedings of ACM SenSys. 13--17.

Digital Library

[36]

R. Sailer, X. Zhang, T. Jaeger, and L. Van Doorn. 2004. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the USENIX Security Symposium. 223--238.

Digital Library

[37]

B. Schneier. 2002. Palladium and the TCPA. http://www.schneier.com/crypto-gram-0208.html&num;1.

[38]

A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. 2005. Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In Proceedings of ACM SIGOPS 39, 5, 1--16.

Digital Library

[39]

A. Seshadri, A. Perrig, L. Van Doorn, and P. Khosla. 2004. SWATT: Software-based attestation for embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy. Citeseer, 272--282.

[40]

A. Sharma, L. Golubchik, and R. Govindan. 2007. On the prevalence of sensor faults in real-world deployments. In Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON). 213--222.

[41]

E. Shi, T.-H. H. Chan, E. G. Rieffel, R. Chow, and D. Song. 2011. Privacy-preserving aggregation of time-series data. In Proceedings of NDSS. Vol. 2. 4.

[42]

P. Sikka, P. Corke, L. Overs, P. Valencia, and T. Wark. 2007. Fleck: A platform for real-world outdoor sensor networks. In Proceedings of the 3rd International Conference on Intelligent Sensors, Sensor Networks and Information. 709--714.

[43]

F. Stajano and R. Anderson. 2000. The resurrecting duckling: Security issues for ad-hoc wireless networks. Lecture Notes in Computer Science, vol. 1796, 172--182.

Digital Library

[44]

The H. Security. 2010. Hacker extracts crypto key from TPM chip. http://www.h-online.com/security/news/item/Hacker-extracts-crypto-key-from-TPM-chip-927077.html.

[45]

TI. 2012. Wireless Connectivity - ZigBee (IEEE 802.15.4/ZigBee PRO) - CC2538 - TI.com. http://www.ti. com/product/cc2538.

[46]

Trusted Computing Group a. About TCG. http://www.trustedcomputinggroup.org/about_tcg.

[47]

Trusted Computing Group b. Platform reset attack mitigation specification, Version 1.0. http://www. trustedcomputinggroup.org/resources/pc_client_work_group_platform_reset_attack_mitigation_specification_version_10/.

[48]

Trusted Computing Group c. Trusted platform module (TPM) specifications. http://www.trustedcomputinggroup.org/developers/trusted_platform_module/specifications.

[49]

Waze. Free GPS navigation with turn by turn directions. http://www.waze.com/homepage/.

[50]

S. Zhu, S. Setia, S. Jajodia, and P. Ning. 2004. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In Proceedings of the IEEE Symposium on Security and Privacy. 259--271.

Cited By

Sun PWang ZWu LShao HQi HWang Z(2021)Trustworthy and Cost-Effective Cell Selection for Sparse Mobile Crowdsensing SystemsIEEE Transactions on Vehicular Technology10.1109/TVT.2021.307711270:6(6108-6121)Online publication date: Jun-2021
https://doi.org/10.1109/TVT.2021.3077112
Zhao PJiang HLi JXiao ZLiu DRen JGuo D(2021)Garbage In, Garbage Out: Poisoning Attacks Disguised With Plausible Mobility in Data AggregationIEEE Transactions on Network Science and Engineering10.1109/TNSE.2021.31039198:3(2679-2693)Online publication date: 1-Jul-2021
https://doi.org/10.1109/TNSE.2021.3103919
Li MSun YLu HMaharjan STian Z(2020)Deep Reinforcement Learning for Partially Observable Data Poisoning Attack in Crowdsensing SystemsIEEE Internet of Things Journal10.1109/JIOT.2019.29629147:7(6266-6278)Online publication date: Jul-2020
https://doi.org/10.1109/JIOT.2019.2962914
Show More Cited By

Index Terms

Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems

Recommendations

Game Theoretical Defense Mechanism Against Reputation Based Sybil Attacks
Abstract
Reputation mechanisms of a network or p2p applications can be compromised by a large number of fake or stolen identities recommending higher trust values of a malicious node. A high trust value classify such malicious or selfish nodes as ...
Combating sybil attacks in cooperative systems
Evaluation of Sybil Attacks Protection Schemes in KAD
AIMS '09: Proceedings of the 3rd International Conference on Autonomous Infrastructure, Management and Security: Scalability of Networks and Services

In this paper, we assess the protection mechanisms entered into recent clients to fight against the Sybil attack in KAD, a widely deployed Distributed Hash Table. We study three main mechanisms: a protection against flooding through packet tracking, an ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Embedded Computing Systems

ACM Transactions on Embedded Computing Systems Volume 13, Issue 5s

Special Issue on Risk and Trust in Embedded Critical Systems, Special Issue on Real-Time, Embedded and Cyber-Physical Systems, Special Issue on Virtual Prototyping of Parallel and Embedded Systems (ViPES)

November 2014

501 pages

ISSN:1539-9087

EISSN:1558-3465

DOI:10.1145/2660459

Editor:
Sandeep K. Shukla
Virginia Tech, USA

Issue’s Table of Contents

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 06 October 2014

Accepted: 01 February 2014

Revised: 01 November 2013

Received: 01 April 2013

Published in TECS Volume 13, Issue 5s

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
271
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sun PWang ZWu LShao HQi HWang Z(2021)Trustworthy and Cost-Effective Cell Selection for Sparse Mobile Crowdsensing SystemsIEEE Transactions on Vehicular Technology10.1109/TVT.2021.307711270:6(6108-6121)Online publication date: Jun-2021
https://doi.org/10.1109/TVT.2021.3077112
Zhao PJiang HLi JXiao ZLiu DRen JGuo D(2021)Garbage In, Garbage Out: Poisoning Attacks Disguised With Plausible Mobility in Data AggregationIEEE Transactions on Network Science and Engineering10.1109/TNSE.2021.31039198:3(2679-2693)Online publication date: 1-Jul-2021
https://doi.org/10.1109/TNSE.2021.3103919
Li MSun YLu HMaharjan STian Z(2020)Deep Reinforcement Learning for Partially Observable Data Poisoning Attack in Crowdsensing SystemsIEEE Internet of Things Journal10.1109/JIOT.2019.29629147:7(6266-6278)Online publication date: Jul-2020
https://doi.org/10.1109/JIOT.2019.2962914
Miao CLi QXiao HJiang WHuai MSu L(2018)Towards Data Poisoning Attacks in Crowd Sensing SystemsProceedings of the Eighteenth ACM International Symposium on Mobile Ad Hoc Networking and Computing10.1145/3209582.3209594(111-120)Online publication date: 26-Jun-2018
https://dl.acm.org/doi/10.1145/3209582.3209594
Feng WYan ZZhang HZeng KXiao YHou Y(2018)A Survey on Security, Privacy, and Trust in Mobile CrowdsourcingIEEE Internet of Things Journal10.1109/JIOT.2017.27656995:4(2971-2992)Online publication date: Aug-2018
https://doi.org/10.1109/JIOT.2017.2765699
Klein IBen-Elia E(2018)Emergence of cooperative route-choice: A model and experiment of compliance with system-optimal ATISTransportation Research Part F: Traffic Psychology and Behaviour10.1016/j.trf.2018.09.00759(348-364)Online publication date: Nov-2018
https://doi.org/10.1016/j.trf.2018.09.007
Gai KQiu LChen MZhao HQiu M(2017)SA-EASTACM Transactions on Embedded Computing Systems10.1145/297967716:2(1-22)Online publication date: 2-Jan-2017
https://dl.acm.org/doi/10.1145/2979677

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents