Data Trustworthiness in the Internet of Everything
Funded by CSIRO/Data61 R+ (previously known as OCE) Postdoctoral Fellow Award
Partners: S. Nepal, Diethelm Ostry, Sanjay Jha and E. Bertino
Duration: 2016 (3 Months)
The Internet-of-Everything (IoE) encompasses a wide range of devices whose purpose is to connect the physical world to the digital world. IoE applications will ultimately be deployed across domains ranging through medical sciences, biophysical sciences, precision agriculture, water management, smart manufacturing, smart transport, and environmental sciences. Sensor devices will collect a vast quantity of application-specific measurement data such as patients’ vital signs, weather parameters, plant pathogens, vehicle movement and status, airborne pollutants, energy distribution, and water consumption and reserves. The development of these systems is driven by the need to optimise the use of scarce resources, provide better services and increase productivity through access to high-quality real-time data. However, ubiquitous deployment and continuous access bring their own vulnerabilities. Unless security, privacy and trust features are built in during the design, deployment and operational phases, these systems can readily be compromised, making the IoE an easy target for attackers. A recent report found that 38% of victims of a cryptocurrency mining worm were IoE devices. There is a clear danger that the promising vision of IoE could instead become the chaos of an Internet of Vulnerable Things where critical decisions might be wrongly based on incorrect data acquired from poorly designed, faulty, or malicious devices. As more reliance is placed on large automated systems in future (for example, large-scale smart health care systems where life-critical decisions will demand high-quality data), data trustworthiness will be a key guarantee for addressing these vulnerabilities and, by increasing confidence in IoE security, will promote the benefits of early adoption.
Data trustworthiness is an articulated requirement; it requires that data simultaneously possesses three related properties: Security, Privacy and Verifiability (SPV). Data Security encompasses the concepts of data confidentiality, integrity and availability (CIA). Data Privacy requires that the data owner should have control over the data and its use. The third component of data trustworthiness, Data Verifiability, ideally comprises four components: an audit trail, establishing the exact path that the data took in traversing the network; authentication, asserting that the data certainly came from the claimed sender; non-repudiation, the property that a sender cannot later deny sending data it originated and that the data holder cannot deny receiving the data; and freshness, meaning that the data has not been sent previously. In this project, we will focus on delivering the data verifiability property, as it is currently both a major obstacle to achieving data trustworthiness in the IoE and the least explored. The problem of data verifiability has recently attracted the attention of researchers across the domains of data privacy, security, and trust management. Solutions proposed to date (such as the traditional data security implemented through a public key infrastructure, and trustworthiness established via a trusted third party) are not directly portable to the IoE environment because of severe constraints on energy, communication and storage in IoE devices. Furthermore, the public key infrastructure (PKI) needed to support cryptographic security capabilities relies on maintaining trusted private and public certificate authorities that are vulnerable to manipulation and tampering. Also, by the nature of the IoE, devices will be deployed in unsecured environments, making them vulnerable to physical compromise.
This project considers a promising approach to recast block chain technology as a provenance protocol that can accommodate different types of IoE data as it is generated, transferred and processed at consecutive levels of the IoE infrastructure hierarchy. Block chain technology was originally developed by the pseudonymous Satoshi Nakamoto, inspired by cryptocurrencies and distributed databases. A block chain is a distributed data structure and protocol able to provide authentication without requiring a trusted third party. The particular block chain architecture used in Nakamoto’s cyber-currency Bitcoin is far too computationally intensive for direct implementation in IoE nodes. The IoE infrastructure consists of IoE nodes, edge routers, and servers, where edge routers and servers can be assumed to have significantly more computational capacity than nodes. Our approach will be to develop a low-energy means of implementing the core block chain functionality, including authentication and provenance, within the IoE infrastructure. Pushing the block chain operation as close to the network edge as possible will allow for very simple edge nodes while also enabling node monitoring and data validation to be performed in real time. This will require a new block chain design specifically tailored for IoE infrastructure.
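As an added illustration (not the project's design or code), the sketch below shows how a hash-linked provenance chain can make three of the verifiability components checkable as a reading passes from node to edge router to server: audit trail, authentication and freshness. The device names, keys, counters and record layout are assumptions constructed for the example; HMAC with pre-shared keys stands in for authentication and does not provide non-repudiation, which would need digital signatures.

```python
import hashlib, hmac, json

# Constructed per-device symmetric keys (assumption: provisioned out of band).
KEYS = {"node-17": b"node-key", "edge-3": b"edge-key", "server-1": b"server-key"}
GENESIS = "0" * 64

def _body(rec):
    # Canonical bytes of the fields covered by the MAC and the chain hash.
    fields = {k: rec[k] for k in ("device", "counter", "payload", "prev")}
    return json.dumps(fields, sort_keys=True).encode()

def chain_hash(rec):
    # Unkeyed link hash over the record body and its authentication tag.
    return hashlib.sha256(_body(rec) + rec["tag"].encode()).hexdigest()

def append(chain, device, counter, payload):
    """Append one hop's record, linked to the previous record's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    rec = {"device": device, "counter": counter, "payload": payload, "prev": prev}
    rec["tag"] = hmac.new(KEYS[device], _body(rec), hashlib.sha256).hexdigest()
    rec["hash"] = chain_hash(rec)
    chain.append(rec)
    return chain

def verify(chain, last_seen):
    """Check audit trail, authentication and freshness; return (ok, reason).
    last_seen maps device -> highest counter the verifier has already accepted."""
    prev, seen = GENESIS, dict(last_seen)
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or chain_hash(rec) != rec["hash"]:
            return False, f"record {i}: broken audit trail"
        key = KEYS.get(rec["device"])
        good = key and hmac.new(key, _body(rec), hashlib.sha256).hexdigest()
        if not good or not hmac.compare_digest(good, rec["tag"]):
            return False, f"record {i}: authentication failed"
        if rec["counter"] <= seen.get(rec["device"], -1):
            return False, f"record {i}: stale or replayed data"
        seen[rec["device"]] = rec["counter"]
        prev = rec["hash"]
    return True, "ok"

def sample_chain():
    # Constructed reading travelling node -> edge router -> server.
    chain = []
    append(chain, "node-17", 41, "temp=21.5")
    append(chain, "edge-3", 7, "relay temp=21.5")
    append(chain, "server-1", 3, "store temp=21.5")
    return chain

if __name__ == "__main__":
    print(verify(sample_chain(), {}))
```

Because the link hash is unkeyed, anyone who alters a record can recompute it; it is the keyed tag that then exposes the change, which is why the two checks are kept separate.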