Akshay Dua

Combating Software and Sybil Attacks to Data Integrity in Crowd-Sourced Embedded Systems

Crowd-sourced mobile embedded systems allow people to contribute sensor data, for critical applications, including transportation, emergency response and eHealth. Data integrity becomes imperative as malicious participants can launch software and Sybil attacks modifying the sensing platform and data. To address these attacks, we develop (1) a Trusted Sensing Peripheral (TSP) enabling collection of high-integrity raw or aggregated data, and participation in applications requiring additional modalities; and (2) a Secure Tasking and Aggregation Protocol (STAP) enabling aggregation of TSP trusted readings by untrusted intermediaries, while efficiently detecting fabricators. Evaluations demonstrate that TSP and STAP are practical and energy-efficient.

SpotCheck: An efficient defense against information exposure cheats

A lot of hidden information is present in client programs of most existing online multi-player games. This hidden information is necessary for clients to render a players view of the game. However, the same hidden information can be exploited by cheaters to gain an unfair advantage over other players. Eliminating hidden information from the game client comes at a significant cost to the server, since it must now send the data required to render a clients view on-demand. Consequently, the burden of tracking a players view shifts from the client to the server, hindering scalability and degrading game performance. We propose SpotCheck, a more scalable approach for detecting information exposure cheats. The key idea is that servers still disseminate game state information on-demand, but clients retain the burden of tracking a players view. After each move, clients must submit a descriptor pertaining to the players view. The server then randomly chooses to validate the descriptor and sends back relevant game state information. Our experimental results show, that SpotCheck can reduce the server CPU overhead by as much as half when compared to the alternative, while still being an effective defense against information exposure cheats.

Resource-aware broadcast encryption for selective-sharing in mobile social sensing

The rapid proliferation of smartphones has led to the emergence of mobile social sensing applications, spanning sharing of health data, location-based encounters, and transportation. A major concern for such applications is selective sharing, i.e., how does a user publish a sensor data stream confidentially to only authorized members in his/her social network? The needs of mobile sensing applications, such as dynamic communities and data dissemination from resource-constrained handhelds, make this problem more challenging than apparent. The novelty of this paper lies in the use of a cryptographic scheme called broadcast encryption to enable selective sharing for mobile social sensing. This is in contrast to unicast or pairwise encryption that is commonly used today. We evaluate state-of-art broadcast encryption schemes and note that they provide either efficiency, or adaptation to dynamic group sizes, but not both. We propose ECS (Extended Complete Subtree), a resource-aware broadcast encryption scheme that can efficiently support dynamic groups. We implement each encryption scheme on the Nokia N800 handheld device and demonstrate that ECS is more feasible than other schemes in terms of key storage, code size, and encryption and decryption efficiency.

Privacy-Preserving Online Mixing of High Integrity Mobile Multi-user Data

Crowd-sourced sensing systems facilitate unprecedented insight into our local environments by leveraging voluntarily contributed data from the impressive array of smartphone sensors (GPS, audio, image, accelerometer, etc.). However, user participation in crowd-sourced sensing will be inhibited if people cannot trust the system to maintain their privacy. On the other hand, data modified for privacy may be of limited use to the system without mechanisms to verify integrity. In this paper, we present an interactive proof protocol that allows an intermediary to convince a data consumer that it is accurately performing a privacy-preserving transformation mixing inputs from multiple expected sources, but without revealing those inputs. Additionally, we discuss privacy transformation functions that are compatible with the protocol, and show that the protocol introduces very little overhead, making it ideal for real-time crowd-sourced data collection.