A use for the Internet of Things: ROBOCOP Neighbourhood Watch

No people required here ... bring on the Rise of the Machines


LADIS 2013 The Internet of Things may be a young field, but researchers are already cooking up a filesystem to simplify how devices share information with one another, which could lead to community-backed services such as an automated neighborhood watch.

One effort involving eggheads from Microsoft Research and the University of Texas at Austin has created the "Bolt" filesystem, which amalgamates and consolidates inputs from various sensors.

"Bolt" was discussed on Saturday in the paper "Towards a storage system for connected homes", which was presented at the Large-Scale Distributed Systems and Middleware conference in Pennsylvania, which El Reg attended.

The storage system lets numerous wired devices such as heating systems or security cameras stream data into a storage layer, which then replicates the data into a secure off-site storage location, such as a public cloud, for sharing with other sensors in other homes.

The technology is a "stream-based key-value abstraction with support for range queries over time and filtering based on application-specific keys," according to the paper [PDF] discussing the technology.

It is optimised around time-series data, such as that outputted by sensors, and also on-demand and infrequently generated data. Because these systems do not perform random-access updates or deletes, the database can be lightweight and therefore present a smaller surface for compromise by hackers.

"Traditional databases with their support for transactions, concurrency control, and recovery protocols are an overkill for such data," the researchers noted.

Bolt has been created to help people share data between separate devices – for instance, a smart thermostat can pull in data from motion sensors around a property to figure out which rooms to heat – and to securely pool and share data between communities.

Besides providing users with a handy way of consolidating the data from their numerous devices and querying it for insight, Bolt is designed to give communities the ability to pool the information from various homes to detect problems.

In one scenario envisioned for Bolt, a home security camera reports a black car passing at low speed. That is not a suspicious thing in itself, but if the data were streamed into the consolidated off-site Bolt storage pool, an admin might find that other systems in other houses have reported the same black car circling the area for some time. Could be a burglar, could be nothing, but the amalgamation of data into the system provides a sort of automated neighborhood watch function to the user.

"You may want to preserve data for evidence purposes, even if [the source] goes offline," Trinabh Gupta, one of the researchers, said at LADIS.

To the relief of Reg readers, though Bolt can use cloud servers, it has been designed to distrust the devices it pours the data into, due to the potentially sensitive nature of sensor information. Gupta believes cloud servers "cannot be relied on to preserve data privacy", and admits that one of the main challenges with Bolt is the need to "require confidentiality of data on untrusted servers".

To avoid data leakage, Bolt hashes and encrypts data using a decentralized access system, which also supports application-specific policies so administrators can tighten or relax security rules according to usage.

Bolt is structured around key-value streams, which are identified by a HomeID, AppID, StreamID tuple. The location of these streams is configurable (see below) so users can set where they are stored.

Applications can upload information into either a ValueStream for small data values (think temperature readings), or a FileStream for chunky data such as images or videos.

ValueStreams append data to a single file, while FileStreams store each entry separately. Any single stream can have one app writing into it, which can grant and revoke read access to the data.
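The ValueStream behaviour described above (one writer, append-only records, time-range queries filtered by an application key, reads checked against a hash because the storage is not trusted), sketched as an added Python example that is not Bolt's code or API. The class and method names, the in-memory list standing in for cloud storage and the SHA-256 check against a locally kept index are assumptions; the in-process reader set only stands in for the encryption-based access control the article mentions.

```python
import bisect
import hashlib
import json


class ValueStream:
    """Hypothetical append-only, single-writer stream (illustration only)."""

    def __init__(self, home_id, app_id, stream_id, writer, store):
        self.name = (home_id, app_id, stream_id)  # identifying tuple
        self.writer = writer
        self.readers = {writer}
        self.store = store   # untrusted: a list standing in for remote storage
        self.index = []      # trusted, local: (timestamp, tag, offset, digest)

    def grant(self, principal):
        self.readers.add(principal)

    def revoke(self, principal):
        if principal != self.writer:
            self.readers.discard(principal)

    def append(self, principal, timestamp, tag, value):
        if principal != self.writer:
            raise PermissionError("only the owning app may write")
        if self.index and timestamp < self.index[-1][0]:
            raise ValueError("records must arrive in time order")
        blob = json.dumps([timestamp, tag, value]).encode()
        self.store.append(blob)  # no update or delete path exists
        digest = hashlib.sha256(blob).hexdigest()
        self.index.append((timestamp, tag, len(self.store) - 1, digest))

    def query(self, principal, start, end, tag=None):
        """Return (timestamp, value) pairs with start <= timestamp <= end."""
        if principal not in self.readers:
            raise PermissionError("no read access")
        first = bisect.bisect_left(self.index, (start,))
        results = []
        for ts, rec_tag, offset, digest in self.index[first:]:
            if ts > end:
                break
            if tag is not None and rec_tag != tag:
                continue
            blob = self.store[offset]
            # Verify what the untrusted store returned before using it.
            if hashlib.sha256(blob).hexdigest() != digest:
                raise ValueError(f"record {offset} was altered in storage")
            results.append((ts, json.loads(blob)[2]))
        return results
```

Because the index stays with the home and only the blobs leave it, a modified record surfaces as an error on read instead of being returned as sensor data.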


Bolt provides fine-grained policy control for saying what data goes where

As of LADIS, the prototype supports local, Windows Azure, and Amazon S3 storage, and it has been integrated with technologies such as HomeOS, a home automation operating system being developed by Microsoft Research. The researchers have also tested it with other clouds such as Rackspace, Gupta told El Reg, and said the API for Bolt is simple. "Even a simple PUT and GET API should work," he said.

Because the API is so simple, security-conscious admins could eschew the corporate cloud completely and simply point Bolt at their own off-site storage and compute. This might assuage vulnerability concerns from regulators and such "stakeholders".

One potential drawback of the system is that it doesn't, so far, seem well built to deal with homes tossing and pulling large amounts of sensor information to and from the cloud for processing, such as high-definition video from surveillance cameras. This could flood the available bandwidth, and make the homeowner regret turning on the additional security layer.

However, there are signs that as the price of hardware comes down it could be possible to inexpensively run image decoding and processing in-sensor, so the system is merely needed to stream low-footprint decision data into a cloud.

Bolt is still in development, and in the future, the researchers hope to replicate the metadata further and increase the granularity of data sharing made possible by the technology. ®
