MDR Slides

righteousgaggleData Management

Jan 31, 2013 (4 years and 4 months ago)

141 views

Electrical and Computer Engineering

Secure Location
Tracking Platform

Nathan Franz

Emily Nelson

Thomas Petr

Shanka Wijesundara


Advisor: Professor Burleson

Midway Design Review

2

Electrical and Computer Engineering

Overview


Recap


PDR Comments


System Requirements/Constraints


Database Considerations


Oracle


Django


Multiparty Computation


Lag Time Dilemma


Demo


Goals for CDR

3

Electrical and Computer Engineering

Recap


Secure platform


Tracks users location and displays specifics for the user


Different applications can be run


Secured by MPC, encryption, identity verification

4

Electrical and Computer Engineering

Feedback From PDR



What is the best database to use?



How much information the database can handle?


Can you overload it?


Will timing be an issue?



Is there a need for non
-
smart phones?



What is the computational feasibility and scalability?



Do we really need security for a social application?

5

Electrical and Computer Engineering

System Requirements


Location data needs to be kept secure


Ethical Constraint


Unethical to allow distribution of unauthorized data


Researched Multiparty Computation


Reliable under stress conditions


Sustainability Constraint


Poor system performance with large input of data
deteriorates sustainability


As of now system can input 100,000 data locations
without a loss of system performance



6

Electrical and Computer Engineering

Ethical Responsibility


A need to provide security for social
applications?


Security not just for military


Ethical to provide same level of security for everyone


Prevents Stalking


Provides peace of mind

7

Electrical and Computer Engineering

Database Choices

MySQL

PostgreSQL

Oracle 11g

Spatial
Extensions

No

Yes, limited

Yes

Lookups

Slow

Fast

Fast

Inserts

Slow

Fast

Slow

8

Electrical and Computer Engineering

Database Performance


Find points within 10 miles of random point

MySQL 5.1 (ms)

PostgreSQL 8.4
(ms)

Oracle 11g (ms)

1

0.769

1.260

1.336

10

0.804

1.346

1.267

100

1.048

1.265

1.263

1,000

2.915

1.312

1.379

10,000

25.685

1.270

1.334

100,000

276.429

1.330

1.260

9

Electrical and Computer Engineering

Database Performance


Insert 100,000 points across the USA


(average time per insert)


MySQL

5.1

26.258 ms

PostgreSQL

8.4

3.496 ms

Oracle 11g

199.670 ms

10

Electrical and Computer Engineering

Database


We choose Oracle 11g for its feature set and
support


Handles spatial queries


Handles long transactions without crashing


Stores and indexes vector geometries in the
database


Enhances application performance



11

Electrical and Computer Engineering

Django


Open
-
source web framework for our
website


Written in Python



Supports most major databases


MySQL, PostgreSQL, Oracle, SQLite



Object
-
relational mapper


Powerful HTML template system


Built in caching system

12

Electrical and Computer Engineering

Django ORM (Object Relational Mapper)


Mediates between Python classes and database
tables


Database agnostic system for storing &
retrieving data


Allows us to switch databases with minimal effort

13

Electrical and Computer Engineering

Static versus Dynamic Lag Time


Security Issue addressed from PDR


If enemy obtains device can information be deduced
from the lag time?


Static (X seconds lag time always)


Impossible to infer anything from lag time


Greater average lag time


Dynamic (Varying lag time)


Impossible to infer anything from lag time


Lesser average lag time


14

Electrical and Computer Engineering

Multi
-
Party Computation


Parties have private data


Need to evaluate a function without giving away private data


VIFF for Python


Still actively researching

15

Electrical and Computer Engineering

Shamir’s Secret Sharing Scheme


Algorithm for sharing a “secret”


Polynomial of degree T
-
1 picked, random coefficients + secret


X values picked for N users, each given (x, f(x))


Threshold scheme


T shares required, not N


Basis for MPC scheme used in VIFF

16

Electrical and Computer Engineering

Technical Roles

Emily (CSE)

Oracle Database

Tom (CSE)

Multiparty Computation

Nate (EE)

HTML5

Shanka (EE)

Django

17

Electrical and Computer Engineering

Demo

18

Electrical and Computer Engineering

OAuth



Allows private resources to be shared with another site for X amount of
time


Communication between User, Service Provider, and Requesting Site


User can authenticate without leaking password


Will be implemented for CDR

19

Electrical and Computer Engineering

Goals for CDR


Security Investigation


Survey of popular location tracking systems and possible security flaws


More platform functionality


Associate users with objects


MPC integration


OAuth support


Buddy Tracker Application

20

Electrical and Computer Engineering

Milestones

Oct 26

PDR

Specifications complete

Nov 9

Smart phone web client functional prototype

Dec 2

MDR

Database configured / example of multiparty computation

Dec 21

Platform complete / server security/ OAuth

Jan 4

Web clients complete / security for hijacked devices
(timing)

Jan 11

Platform input / output plugins complete

Jan 25

Bugfixes, Performance Testing

Feb 8

CDR

Demo platform with buddy tracker app / show
security and weakness in other systems

Apr 5

FDR

Project Complete

21

Electrical and Computer Engineering

Thank You





Questions?

22

Electrical and Computer Engineering

Accuracy

Accuracy (m)

Wireless

150

GPS

2,600

IP

24,000

23

Electrical and Computer Engineering

Outside Material


Security Engineering: A Guide to Building
Dependable Distrusted Systems by Ross
Anderson. (Encryption, Internet Security)



Protocols for Secure Computation by Andrew
Yao. (Multiparty Computation
-

Demonstration)



Oracle Website (Oracle Locator Database)

<http://www.oracle.com/technology/products/spatial/ind
ex.html>

24

Electrical and Computer Engineering

Team Communication


Gmail


Chat + Email


Wiki Page


Share Research


Dropbox


Collaborative File Sharing Site


Weekly Advisor Meetings


Wednesdays 11:15

25

Electrical and Computer Engineering

Impacts


Positive


Allows people to stay in touch


Saves time and money


See who’s close if help is needed


Negative


Stalking


Impersonation


Design


Enhanced security to prevent negatives

26

Electrical and Computer Engineering

Contemporary Issues


Social networking


Need for constant updates


Desire to know where and what people are doing



Military Networking


A strategic planning method


Useful in emergency situations



27

Electrical and Computer Engineering

Gantt Chart