Hacker News
by JoshTriplett 3108 days ago
I can recommend two classes of resources.

First, take a look at material on the "security mindset", starting with https://www.schneier.com/blog/archives/2008/03/the_security_... . Everyone on your team needs to be thinking, for every new feature, "how could this be exploited?".

Second, for the specific case of sensors, start looking at research on sensor side-channel attacks, and how sensors can be used to gather information you wouldn't expect. For instance, see "Sensor Side-Channel Implications on User Privacy: Analysis and Mitigation". And take a look at some of the sensor-related work coming out of the various workshops on "Cyber-Physical Systems Security".

Finally, please keep in mind that it's still risky to have these sensor nodes out there that even have the capability of doing this collection. Even if you keep all of the above in mind, even if you do everything you can to mitigate it, the capability will still exist, and all it would take is some malicious policy changes to abuse your work and your infrastructure, and turn it into a massive invasion of privacy. With that in mind, start now, while policies are in your favor, arranging maximum transparency for the nodes, source code, data collection, and similar. That way, if anyone ever does try to abuse your work and your infrastructure, it'll be extremely obvious, and if anyone tries to remove the transparency first, then it'll be conspicuous by its newfound absence. That same "security mindset" I mentioned above also applies to policies and administrations; take the time, while those policies and administrations are in your favor, to plan ahead for the scenario where they are not. Plan ahead for something you hope you never need, because once you find out you do need it, you might not have the option of building it anymore.