Security trustworthiness of Human-as-a-Sensor gathered information

As reported in my earlier posted blogs, HaaS is a concept that promises to help in the improvement of real world problems, yet one of the biggest challenges associated with it is the ability to determine the credibility of the data that is received, as the information is more often generated by unknown sources which are untrusted. HaaS has gained an substantial attention in Internet-connected smartphones, which have developed an information sharing culture in society. In the law enforcement and civil protection space, HaaS is typically used to harvest information regarding physical hazards, crimes and evolving emergencies. The trustworthiness of this information is typically studied in relation to the trustworthiness of the human sensors.

The amount of data generated from mobile devices is greater than ever before. Every time people notice something unusual or noteworthy, they share it with others in social media or using specialised apps. This sharing culture has created an opportunity for harvesting or generating knowledge from the members of the public to facilitate crisis and emergency response. Reliable and trustworthy information received in this manner can help improve emergency responders’ and Law Enforcement Agencies’ (LEA) situational awareness and ability to detect and respond to evolving incidents. This is referred to as the Human-as-a-Sensor (HaaS) paradigm for situational awareness. A key initiative is the TRILLION project, which includes the use of smartphones, mobile apps, wearables and social media to improve community policing, for citizen reporting crimes.

TRILLION’s collaboration with citizens to fight crime makes it an attractive target for cyber criminals. Beyond confidentiality and privacy, attacks against TRILLION may aim to affect availability preventing citizens from accessing it when needed, and integrity, manipulating information, such as the location reported by citizens’ mobile devices. An incident report delivered from a malware-infected mobile device should ideally be handled as an untrusted report regardless of the trustworthiness of the user, but there is no practical way for TRILLION to determine this in real-time and remotely. Beyond strong authentication and encryption, a novel aim in TRILLION and any HaaS wearable devices is to include the capability of gathering information based on the cyber trustworthiness of the platform where they originated from.