ECDI: Secure Fog Robotics Using the Global Data Plane
University Of California-Berkeley, Berkeley CA
Investigators
Abstract
This project investigates new ways of structuring and securing information by using cryptographically hardened bundles of data, called DataCapsules. The need for a new approach stems from the proliferation of data-driven technology and cyber-physical systems that control physical devices, such as robots and manufacturing machines, and use information from widely disparate sources. The consequences of data exposure, breach, or corruption can lead to identity theft, property loss, or (increasingly) bodily harm. Unfortunately, common approaches to protecting information are ad-hoc, buggy, and subject to a variety of attacks and failure modes. In contrast, the DataCapsule infrastructure provides a standardized approach to sequencing, securing every bit of information while also including explicit provenance (stating who generated it). DataCapsules may move freely from place to place in the network while retaining their integrity, thereby enabling secure computation at the edge of the network. Further, this project investigates techniques to ease the transition of application writers from current practice to use of the DataCapsule infrastructure. The benefits of standardization around DataCapsules are many fold, including (1) more uniform application of best practices for data security; (2) secure edge computing infrastructures that fluidly interact with authorized entities in the core of the network (cloud); and (3) an opportunity for new networking environments that respect information privacy and security while optimizing for performance and quality of service. This project explores the use of DataCapsules to improve the security and performance of robotic and machine-learning applications operating in edge computing environments. DataCapsules are secured bundles of information with unique, self-certifying names that are transported over a data-centric 'narrow-waist' infrastructure called the Global Data Plane (GDP). This project investigates the design of DataCapsules as well as an architecture for the GDP that provides flat-address routing from authorized clients to DataCapsules, allowing DataCapsules to be replicated and reside anywhere within the GDP. DataCapsules consist of standardized metadata wrappers anchoring hash-chain-linked histories of transactions labeled by signatures. As universal 'ground-truths' for data storage applications, DataCapsules share some advantages of block-chains, including publicly verifiable integrity. Above the DataCapsule layer, application writers benefit from uniform security while continuing to utilize common storage access patterns, such as filesystems, databases, and key-value stores. The GDP partitions the network into Trust Domains (TDs) to allow clients to reason about the trustworthiness of hardware. This architecture includes overlay switches connected via a tunneling protocol and a scalable location resolution infrastructure. Each TD is responsible for a subset of the DataCapsules and provides data location facilities that serve 'location delegation' certificates (mapping names to network locations) for these DataCapsules. For scalability, this project investigates several name resolution mechanisms, including one based on distributed hash table (DHT) principles. This project also utilizes secure enclave technologies (e.g. Intel SGX) to provide secure computation at the edge of the network. By promoting best practice labeling and secure management of information, the DataCapsule infrastructure promises to lead to an overall reduction in data breaches and safer public and private cyberspace infrastructure. Further, it will allow application writers to trust the security of information at the edge of the network, thus leading to new and better application of data-driven techniques at the network edge while simultaneously improving privacy; this, in turn, will lead to better applications, such as robotic and smart manufacturing. Finally, in addition to educational activities, the project, in collaboration with the University of California Berkeley's Lawrence Hall of Science, will produce open-access videos to raise awareness of information vulnerability and provenance with youth and the public at large. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →