Xiuwen Liu,Yanjiao Chen

DOI: https://doi.org/10.1016/j.comnet.2022.109507

2022-01-01

SSRN Electronic Journal

Abstract:In mobile crowdsensing systems, the public crowd are required to report data with actual locations under location privacy vulnerabilities. Moreover, even sensing data itself further deepens location privacy breaches. Existing works allow each worker to consider his own privacy, but the accumulated privacy budget will lower down group data privacy of each sensing region. Moreover, multi-region spatial data correlations indicate that multi-group correlated data privacy may be leaked from each other. To this end, we develop a novel MCS framework, called GDA-Crowd(Group effect-based Data Aggregation), which consists of three parts: location obfuscation and aggregation, group effect-based data privacy and aggregation, and incentive mechanism. We start from individual location privacy guarantee and propose a location aggregation method to cluster workers into groups. Then, we exploit intra-group effect, i.e., data privacy interdependence under the judicious selection of workers’ participation, to enhance privacy-accuracy balance. Moreover, multi-group global histogram incorporates inter-group effect, i.e., correlated privacy loss from spatial data correlations, into inter-group data aggregation. Finally, we design a truthful, individually rational and computationally efficient incentive mechanism for participant selection. The synopsis of contributions includes dual privacy protection, dual group effect for desirable privacy-accuracy tradeoff, synergies among incentive mechanism, privacy-preserving data aggregation for approximate optimality. Theoretical analysis and extensive experiments validate our effectiveness and superiority.

Josh Joy,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1604.04892

2016-04-17

Cryptography and Security

Abstract:In today's digital world, personal data is being continuously collected and analyzed without data owners' consent and choice. As data owners constantly generate data on their personal devices, the tension of storing private data on their own devices yet allowing third party analysts to perform aggregate analytics yields an interesting dilemma. This paper introduces PAS-MC, the first practical privacy-preserving and anonymity stream analytics system. PAS-MC ensures that each data owner locally privatizes their sensitive data before responding to analysts' queries. PAS-MC also protects against traffic analysis attacks with minimal trust vulnerabilities.We evaluate the scheme over the California Transportation Dataset and show that we can privately and anonymously stream vehicular location updates yet preserve high accuracy.

Lei Yang,Mengyuan Zhang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1145/3209582.3209598

2018-01-01

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for a sensing task. In this framework, the workers are allowed to report privacy-preserving versions of their data to protect their data privacy; and the platform selects workers based on their sensing capabilities, which aims to address the drawbacks of game-theoretic models that cannot ensure the accuracy level of the aggregated result, due to the existence of multiple Nash Equilibria. Observe that in this auction based framework, there exists externalities among workers' data privacy, because the data privacy of each worker depends on both her injected noise and the total noise in the aggregated result that is intimately related to which workers are selected to fulfill the task. To achieve a desirable accuracy level of the data aggregation in a cost-effective manner, we explicitly characterize the externalities, i.e., the impact of the noise added by each worker on both the data privacy and the accuracy of the aggregated result. Further, we explore the problem structure, characterize the hidden monotonicity property of the problem, and determine the critical bid of workers, which makes it possible to design a truthful, individually rational and computationally efficient incentive mechanism. The proposed incentive mechanism can recruit a set of workers to approximately minimize the cost of purchasing private sensing data from workers subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Fei Tong,Yuanhang Zhou,Kaiming Wang,Guang Cheng,Jianyu Niu,Shibo He

DOI: https://doi.org/10.1109/tdsc.2024.3368655

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Mobile crowdsensing (MCS) is an efficient approach for large-scale sensing data collection by leveraging the mobility and capability of mobile devices. To avoid the weaknesses of traditional centralized crowdsensing systems, blockchain has been introduced to secure the process of MCS. This paper studies a location-aware scenario, where privacy of users are protected in a blockchain- based MCS system, and formulates an optimization problem to maximize the coverage given a budget based on reverse auction. An incentive mechanism named MMCB is further proposed and implemented as smart contracts in blockchain to solve the problem. We demonstrate that the mechanism achieves a set of desirable properties, including computation efficiency, individual rationality, truthfulness, budget feasibility, approximation, and privacy preservation. To protect the identity privacy of workers and obtain anonymity, a linkable ring signature is employed in smart contracts. In addition, a Pedersen commitment is utilized for protecting workers’ bid profile and the submitted sensing data is encrypted and only accessible to the requester. We implement a prototype system based on the Hyperledger Fabric platform, and the evaluation results show that our privacy-preserving incentive mechanism architecture improves 36.2% coverage and reduces 53.1% payment with better security level compared to the state-of-the-art schemes.

Zhibo Wang,Xiaoyi Pang,Jiahui Hu,Wenxin Liu,Qian Wang,Yanjun Li,Honglong Chen

DOI: https://doi.org/10.1109/mcom.001.1800674

IF: 9.03

2019-01-01

IEEE Communications Magazine

Abstract:Mobile crowdsensing (MCS) has now become an effective paradigm to collect massive data for various sensing applications. However, the interactions between mobile users and the platform, and the data release to third parties, pose severe challenges of privacy leakage for MCS systems, such as the leakage of users' identities and locations. Although several works on MCS have explored the privacy issues in task allocation, incentive, and data reporting, there is still a lack of a comprehensive privacy preserving framework for MCS to protect the privacy of users throughout users' involvement in crowdsensing tasks. In this article, we divide the life cycle of each crowdsensing task in MCS into four phases: task allocation, incentive, data collection, and data publishing, and design a privacy-preserving framework for MCS to protect users' privacy in the whole life cycle of MCS.

Mengyuan Zhang,Lei Yang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2021.3056490

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers' privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Hanwei Zhu,Sid Chi-Kin Chau,Gladhi Guarddin,Weifa Liang

DOI: https://doi.org/10.1145/3549550

2022-06-29

Abstract:Data sensing and gathering is an essential task for various information-driven services in smart cities. On the one hand, Internet of Things (IoT) sensors can be deployed at certain fixed locations to capture data reliably but suffer from limited sensing coverage. On the other hand, data can also be gathered dynamically through crowdsensing contributed by voluntary users but suffer from its unreliability and the lack of incentives for users' contributions. In this paper, we explore an integrated paradigm called "hybrid sensing" that harnesses both IoT-sensing and crowdsensing in a complementary manner. In hybrid sensing, users are incentivized to provide sensing data not covered by IoT sensors and provide crowdsourced feedback to assist in calibrating IoT-sensing. Their contributions will be rewarded with credits that can be redeemed to retrieve synthesized information from the hybrid system. In this paper, we develop a hybrid sensing system that supports explicit user privacy -- IoT sensors are obscured physically to prevent capturing private user data, and users interact with a crowdsensing server via a privacy-preserving protocol to preserve their anonymity. A key application of our system is smart parking, by which users can inquire and find the available parking spaces in outdoor parking lots. We implemented our hybrid sensing system for smart parking and conducted extensive empirical evaluations. Finally, our hybrid sensing system can be potentially applied to other information-driven services in smart cities.

Networking and Internet Architecture

Cynthia Dwork,George J. Pappas

DOI: https://doi.org/10.48550/arXiv.1706.01985

2017-06-06

Computers and Society

Abstract:Intelligent infrastructure will critically rely on the dense instrumentation of sensors and actuators that constantly transmit streaming data to cloud-based analytics for real-time monitoring. For example, driverless cars communicate real-time location and other data to companies like Google, which aggregate regional data in order to provide real-time traffic maps. Such traffic maps can be extremely useful to the driver (for optimal travel routing), as well as to city transportation administrators for real-time accident response that can have an impact on traffic capacity. Intelligent infrastructure monitoring compromises the privacy of drivers who continuously share their location to cloud aggregators, with unpredictable consequences. Without a framework for protecting the privacy of the driver's data, drivers may be very conservative about sharing their data with cloud-based analytics that will be responsible for adding the intelligence to intelligent infrastructure. In the energy sector, the Smart Grid revolution relies critically on real-time metering of energy supply and demand with very high granularity. This is turn enables real-time demand response and creates a new energy market that can incorporate unpredictable renewable energy sources while ensuring grid stability and reliability. However, real-time streaming data captured by smart meters contain a lot of private information, such as our home activities or lack of, which can be easily inferred by anyone that has access to the smart meter data, resulting not only in loss of privacy but potentially also putting us at risk.

Cheng Huang,Rongxing Lu,Hui Zhu

DOI: https://doi.org/10.1007/s41650-017-0017-7

2017-01-01

Journal of Communications and Information Networks

Abstract:With the evolution of conventional VANETs (Vehicle Ad-hoc Networks) into the IoV (Internet of Vehicles), vehicle-based spatial crowdsourcing has become a potential solution for crowdsourcing applications. In vehicular networks, a spatial-temporal task/question can be outsourced (i.e., task/question relating to a particular location and in a specific time period) to some suitable smart vehicles (also known as workers) and then these workers can help solve the task/question. However, an inevitable barrier to the widespread deployment of spatial crowdsourcing applications in vehicular networks is the concern of privacy. Hence, We propose a novel privacy-friendly spatial crowdsourcing scheme. Unlike the existing schemes, the proposed scheme considers the privacy issue from a new perspective according that the spatial-temporal tasks can be linked and analyzed to break the location privacy of workers. Specifically, to address the challenge, three privacy requirements (i.e. anonymity, untraceability, and unlinkability) are defined and the proposed scheme combines an efficient anonymous technique with a new composite privacy metric to protect against attackers. Detailed privacy analyses show that the proposed scheme is privacy-friendly. In addition, performance evaluations via extensive simulations are also conducted, and the results demonstrate the efficiency and effectiveness of the proposed scheme.

Raj Gaire,Ratan K. Ghosh,Jongkil Kim,Alexander Krumpholz,Rajiv Ranjan,R.K. Shyamasundar,Surya Nepal

DOI: https://doi.org/10.1016/b978-0-12-815032-0.00005-6

2019-01-01

Abstract:Smartness in smart cities is achieved by sensing phenomena of interest and using them to make smart decisions. Because the decision makers may not own all the necessary sensing infrastructures, crowdsourced sensing can help collect important information about the city in near real-time. However, involving people brings the risk of exposing their private information. This chapter explores crowdsensing in smart city applications and its privacy implications.

Chalee Vorakulpipat,Ryan K. L. Ko,Qi Li,Ahmed Meddahi

DOI: https://doi.org/10.1155/2021/9830547

2021-01-01

Abstract:<jats:p />

Dimitris Chatzopoulos,Sujit Gujar,Boi Faltings,Pan Hui

DOI: https://doi.org/10.48550/arXiv.1808.04056

2018-08-20

Abstract:The popularity and applicability of mobile crowdsensing applications are continuously increasing due to the widespread of mobile devices and their sensing and processing capabilities. However, we need to offer appropriate incentives to the mobile users who contribute their resources and preserve their privacy. Blockchain technologies enable semi-anonymous multi-party interactions and can be utilized in crowdsensing applications to maintain the privacy of the mobile users while ensuring first-rate crowdsensed data. In this work, we propose to use blockchain technologies and smart contracts to orchestrate the interactions between mobile crowdsensing providers and mobile users for the case of spatial crowdsensing, where mobile users need to be at specific locations to perform the tasks. Smart contracts, by operating as processes that are executed on the blockchain, are used to preserve users' privacy and make payments. Furthermore, for the assignment of the crowdsensing tasks to the mobile users, we design a truthful, cost-optimal auction that minimizes the payments from the crowdsensing providers to the mobile users. Extensive experimental results show that the proposed privacy preserving auction outperforms state-of-the-art proposals regarding cost by ten times for high numbers of mobile users and tasks.

Computer Science and Game Theory,Cryptography and Security,Networking and Internet Architecture

Thomas Plagemann,Vera Goebel,Matthias Hollick,Boris Koldehofe

DOI: https://doi.org/10.48550/arXiv.2210.16352

2022-10-29

Abstract:Big data applications offer smart solutions to many urgent societal challenges, such as health care, traffic coordination, energy management, etc. The basic premise for these applications is "the more data the better". The focus often lies on sensing infrastructures in the public realm that produce an ever-increasing amount of data. Yet, any smartphone and smartwatch owner could be a continuous source of valuable data and contribute to many useful big data applications. However, such data can reveal a lot of sensitive information, like the current location or the heart rate of the owner of such devices. Protection of personal data is important in our society and for example manifested in the EU General Data Protection Regulation (GDPR). However, privacy protection and useful big data applications are hard to bring together, particularly in the human-centered IoT. Implementing proper privacy protection requires skills that are typically not in the focus of data analysts and big data developers. Thus, many individuals tend to share none of their data if in doubt whether it will be properly protected. There exist excellent privacy solutions between the "all or nothing" approach. For example, instead of continuously publishing the current location of individuals one might aggregate this data and only publish information of how many individuals are in a certain area of the city. Thus, personal data is not revealed, while useful information for certain applications like traffic coordination is retained. The goal of the Parrot project is to provide tools for real-time data analysis applications that leverage this "middle ground". Data analysts should only be required to specify their data needs, and end-users can select the privacy requirements for their data as well as the applications and end-users they want to share their data with.

Distributed, Parallel, and Cluster Computing

Said Daoudagh,Eda Marchetti,Vincenzo Savarino,Jorge Bernal Bernabe,Jesús García-Rodríguez,Rafael Torres Moreno,Juan Antonio Martinez,Antonio F Skarmeta

DOI: https://doi.org/10.3390/s21217154

2021-10-28

Abstract:The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.

Mehdi Gheisari,Aminreza Karamoozian,Jiechao Gao,Hemn Barzan Abdalla,Shuja Ansari,Riaz Khan,Zhaoxi Fang

DOI: https://doi.org/10.1016/j.vehcom.2024.100732

IF: 6.7

2024-01-29

Vehicular Communications

Abstract:Cloud of Things (CoT) emerges as a pivotal paradigm, connecting Internet of Things (IoT) devices to the Cloud Computing space, facilitating the efficient management of smart cities. In navigating the intricate landscape of smart city environments, this paper confronts two paramount challenges— heterogeneity and privacy preservation. Heterogeneity, rooted in the diverse origins of CoT devices from various vendors, intro- duces compatibility gaps and data format variations, impeding seamless communication among devices. Simultaneously, privacy preservation concerns itself with averting the inadvertent disclo- sure of sensitive data generated by CoT devices. Existing solutions often exhibit limitations in effectively addressing both challenges concurrently. To bridge this gap, our proposed solution employs a novel ontology-based approach, commencing with the introduc- tion of a groundbreaking "Ontology" using the Protege software. This foundational tool serves a dual purpose—standardizing and unifying general and privacy-related information among diverse CoT devices. The ontology addresses the heterogeneity challenge by fostering a shared understanding and vocabulary, promoting interoperability for smoother communication among disparate devices. Complementing the ontology, a privacy-preservation method, implemented with "MININET-WIFI" and grounded in Modular Arithmetic, dynamically adjusts the privacy-preserving rules of each CoT device. This adaptive mechanism signifi- cantly enhances security, mitigating the risk of unintentional data disclosure—a critical aspect evaluated extensively within the context of a widely used CoT application, specifically, the Autonomous Vehicle (AV) environment. The computational cost is meticulously evaluated, showcasing that our solution introduces a modest overhead, notably below 1.8 seconds, compared to alternative models. Furthermore, the penetration rate analysis reveals the solution's resilience against honest but curious Remote Service Units (RSUs). Communication overhead is quantified for various privacy-preserving methods, providing a comprehensive view of the solution's performance. Through rigorous simula- tions, encompassing assessments of communication overhead, computational costs, and penetration rates, our solution exhibits not only affordability for a diverse array of CoT devices in smart cities but also heightened resilience against malicious activities and adversaries, surpassing current studies. This paper, therefore, not only presents a novel ontology-based solution but also delves into the nuanced intricacies of heterogeneity and privacy preservation within CoT-based smart cities. The proposed approach, characterized by its dual focus on standardization and dynamic privacy adaptation, signifies a significant stride towards fostering secure, interoperable, and privacy-aware CoT ecosystems amid the dynamic landscape of smart cities.

telecommunications,transportation science & technology

Sheng Zhong,Hong Zhong,Xinyi Huang,Panlong Yang,Jin Shi,Lei Xie,Kun Wang

2019-01-01

Abstract:With the advantages of IoT technology and applications, wireless signals are becoming more pervasive than ever. Human activities and experiences could be recognized by wireless network. There is a need to connect human to pervasive wireless network and interplay with them. Nevertheless, security and privacy issues become vitally important when humans are involved. Typically, inertial sensors and communication channels could be substantial privacy leakage sources, where information about inherent human features and behaviors are of tremendous importance in today’s research and study.

Yousef AlSaqabi,Bhaskar Krishnamachari

2023-09-22

Abstract:In the context of evolving smart cities and autonomous transportation systems, Vehicular Ad-hoc Networks (VANETs) and the Internet of Vehicles (IoV) are growing in significance. Vehicles are becoming more than just a means of transportation; they are collecting, processing, and transmitting massive amounts of data to make driving safer and more convenient. However, this advancement ushers in complex issues concerning the centralized structure of traditional vehicular networks and the privacy and security concerns around vehicular data. This paper offers a novel, game-theoretic network architecture to address these challenges. Our approach decentralizes data collection through distributed servers across the network, aggregating vehicular data into spatio-temporal maps via secure multi-party computation (SMPC). This strategy effectively reduces the chances of adversaries reconstructing a vehicle's complete path, increasing privacy. We also introduce an economic model grounded in game theory that incentivizes vehicle owners to participate in the network, balancing the owners' privacy concerns with the monetary benefits of data sharing. This model aims to maximize the data consumer's utility from the gathered sensor data by determining the most suitable payment to participating vehicles, the frequency in which these vehicles share their data, and the total number of servers in the network. We explore the interdependencies among these parameters and present our findings accordingly. To define meaningful utility and loss functions for our study, we utilize a real dataset of vehicular movement traces.

Systems and Control,Computer Science and Game Theory

Xuyang Ding,Ruizhao Lv,Xiaoyi Pang,Jiahui Hu,Zhibo Wang,Xu Yang,Xiong Li

DOI: https://doi.org/10.1016/j.compeleceng.2021.107528

IF: 4.152

2021-01-01

Computers & Electrical Engineering

Abstract:In the era of big data, edge computing has coped greatly with the increase in data. Recently, edge computing has been incorporated into mobile crowdsensing (MCS) to collect large-scale data, but existing edge computing-based MCS (EC-MCS) ideally assumes that edge servers are trusted. In this paper, a novel mechanism is proposed that we use semi-honest entities to securely and efficiently complete task assignment in large-scale crowdsensing. Firstly, homomorphic encryption is used to encrypt users' location information, and the collaboration between edge servers is used to complete task allocation under cipher-text. Then, the optimal users are selected to complete tasks and upload the encrypted sensing data. Moreover, a secure payment mechanism is proposed to avoid fraud problems in semi-honest edge servers. Finally, we analyze the security of our scheme theoretically and conduct a multi-dimensional simulation experiment to prove the effectiveness and availability of the proposed scheme.

Apostolos Pyrgelis,Carmela Troncoso,Emiliano De Cristofaro

DOI: https://doi.org/10.48550/arXiv.1703.00366

2017-06-10

Abstract:Information about people's movements and the locations they visit enables an increasing number of mobility analytics applications, e.g., in the context of urban and transportation planning, In this setting, rather than collecting or sharing raw data, entities often use aggregation as a privacy protection mechanism, aiming to hide individual users' location traces. Furthermore, to bound information leakage from the aggregates, they can perturb the input of the aggregation or its output to ensure that these are differentially private. In this paper, we set to evaluate the impact of releasing aggregate location time-series on the privacy of individuals contributing to the aggregation. We introduce a framework allowing us to reason about privacy against an adversary attempting to predict users' locations or recover their mobility patterns. We formalize these attacks as inference problems, and discuss a few strategies to model the adversary's prior knowledge based on the information she may have access to. We then use the framework to quantify the privacy loss stemming from aggregate location data, with and without the protection of differential privacy, using two real-world mobility datasets. We find that aggregates do leak information about individuals' punctual locations and mobility profiles. The density of the observations, as well as timing, play important roles, e.g., regular patterns during peak hours are better protected than sporadic movements. Finally, our evaluation shows that both output and input perturbation offer little additional protection, unless they introduce large amounts of noise ultimately destroying the utility of the data.

Cryptography and Security

Josh Joy,Dylan Gray,Ciaran McGoldrick,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1710.03322

2018-02-22

Abstract:Future autonomous vehicles will generate, collect, aggregate and consume significant volumes of data as key gateway devices in emerging Internet of Things scenarios. While vehicles are widely accepted as one of the most challenging mobility contexts in which to achieve effective data communications, less attention has been paid to the privacy of data emerging from these vehicles. The quality and usability of such privatized data will lie at the heart of future safe and efficient transportation solutions. In this paper, we present the XYZ Privacy mechanism. XYZ Privacy is to our knowledge the first such mechanism that enables data creators to submit multiple contradictory responses to a query, whilst preserving utility measured as the absolute error from the actual original data. The functionalities are achieved in both a scalable and secure fashion. For instance, individual location data can be obfuscated while preserving utility, thereby enabling the scheme to transparently integrate with existing systems (e.g. Waze). A new cryptographic primitive Function Secret Sharing is used to achieve non-attributable writes and we show an order of magnitude improvement from the default implementation.

Cryptography and Security