Xiuwen Liu,Yanjiao Chen

DOI: https://doi.org/10.1016/j.comnet.2022.109507

2022-01-01

SSRN Electronic Journal

Abstract:In mobile crowdsensing systems, the public crowd are required to report data with actual locations under location privacy vulnerabilities. Moreover, even sensing data itself further deepens location privacy breaches. Existing works allow each worker to consider his own privacy, but the accumulated privacy budget will lower down group data privacy of each sensing region. Moreover, multi-region spatial data correlations indicate that multi-group correlated data privacy may be leaked from each other. To this end, we develop a novel MCS framework, called GDA-Crowd(Group effect-based Data Aggregation), which consists of three parts: location obfuscation and aggregation, group effect-based data privacy and aggregation, and incentive mechanism. We start from individual location privacy guarantee and propose a location aggregation method to cluster workers into groups. Then, we exploit intra-group effect, i.e., data privacy interdependence under the judicious selection of workers’ participation, to enhance privacy-accuracy balance. Moreover, multi-group global histogram incorporates inter-group effect, i.e., correlated privacy loss from spatial data correlations, into inter-group data aggregation. Finally, we design a truthful, individually rational and computationally efficient incentive mechanism for participant selection. The synopsis of contributions includes dual privacy protection, dual group effect for desirable privacy-accuracy tradeoff, synergies among incentive mechanism, privacy-preserving data aggregation for approximate optimality. Theoretical analysis and extensive experiments validate our effectiveness and superiority.

Yuan Zhang,Qingjun Chen,Sheng Zhong

DOI: https://doi.org/10.1109/TIFS.2016.2515513

2016-01-01

Abstract:Mobile phone sensing provides a promising paradigm for collecting sensing data and has been receiving increasing attention in recent years. Different from most existing works, which protect participants’ privacy by hiding the content of their data and allow the aggregator to compute some simple aggregation functions, we propose a new approach to protect participants’ privacy by delinking data from its sources. This approach allows the aggregator to get the exact distribution of the data aggregation and, therefore, enables the aggregator to efficiently compute arbitrary/complicated aggregation functions. In particular, we first present an efficient protocol that allows an untrusted data aggregator to periodically collect sensed data from a group of mobile phone users without knowing which data belong to which user. Assume there are $n$ users in the group. Our protocol achieves $n$ -source anonymity in the sense that the aggregator only learns that the source of a piece of data is one of the $n$ users. Then, we consider a practical scenario where users may have different source anonymity requirements and provide a solution based on dividing users into groups. This solution optimizes the efficiency of data aggregation and meets all users’ requirements at the same time.

Min Lu,Zhiguo Shi,Rongxing Lu,Ruixue Sun,Xueminsherman Shen

DOI: https://doi.org/10.1109/ICCChina.2013.6671200

2013-01-01

Abstract:Characterized by time-of-using pricing, better capacity, and usage planning, smart grid has attracted considerable attention in recent years. However, one of the research challenges in smart grid is the privacy issue due to too much sensitive and real-time user data involved. In this paper, we propose a practical privacy-preserving aggregation scheme, named PPPA, for secure smart grid communications. PPPA utilizes the lightweight cryptographic aggregation technique to achieve provable security guarantee, the differential privacy technique to achieve privacy preservation of each individual user, and the quad tree structure to achieve failure tolerance. For data communication from users to control center, data aggregation is conducted directly on ciphertexts at local gateway without decryption, and the aggregation results are reported by relays to the control center. Through extensive analysis, we demonstrate that PPPA can not only provide authentication and guarantee the data integrity, but also achieve strong privacy-preserving for each user, and thus it is feasible in practical smart grid scenarios.

Mengyuan Zhang,Lei Yang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2021.3056490

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers' privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Chang Xu,Run Yin,Liehuang Zhu,Chuan Zhang,Can Zhang,Yupeng Chen,Kashif Sharif

DOI: https://doi.org/10.1109/jiot.2021.3135049

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Time-series data aggregation in Internet of Things applications is a useful operation, where the time-series data is sensed by a group of users, and gathered by the aggregator for real-time analysis. However, some security and privacy challenges still affect the collection and aggregation process. Although existing privacy-preserving solutions achieve strong privacy guarantees, they introduce a fully trusted TA that is difficult to realize in the real world. Besides, they cannot be directly applied in time-series data aggregation scenarios due to unacceptable efficiency. In this article, we propose a privacy-preserving time-series data aggregation scheme with a semi-trusted authority. Moreover, our scheme also supports arbitrary aggregate functions and fault tolerance to enhance the reliability and scalability of data aggregation. Security analysis demonstrates that our proposed scheme achieves $(n-k)$ -source anonymity even if $k(k\leq (n-2))$ data providers collude with the cloud server. We also conduct thorough experiments based on a simulated data aggregation scenario to show the high computation and communication efficiency of our scheme.

Lei Yang,Mengyuan Zhang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1145/3209582.3209598

2018-01-01

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for a sensing task. In this framework, the workers are allowed to report privacy-preserving versions of their data to protect their data privacy; and the platform selects workers based on their sensing capabilities, which aims to address the drawbacks of game-theoretic models that cannot ensure the accuracy level of the aggregated result, due to the existence of multiple Nash Equilibria. Observe that in this auction based framework, there exists externalities among workers' data privacy, because the data privacy of each worker depends on both her injected noise and the total noise in the aggregated result that is intimately related to which workers are selected to fulfill the task. To achieve a desirable accuracy level of the data aggregation in a cost-effective manner, we explicitly characterize the externalities, i.e., the impact of the noise added by each worker on both the data privacy and the accuracy of the aggregated result. Further, we explore the problem structure, characterize the hidden monotonicity property of the problem, and determine the critical bid of workers, which makes it possible to design a truthful, individually rational and computationally efficient incentive mechanism. The proposed incentive mechanism can recruit a set of workers to approximately minimize the cost of purchasing private sensing data from workers subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Mei Wang,Kun He,Jing Chen,Ruiying Du,Bingsheng Zhang,Zengpeng Li

DOI: https://doi.org/10.1016/j.future.2022.01.007

IF: 7.307

2022-01-01

Future Generation Computer Systems

Abstract:Privacy-preserving data aggregation is becoming a demanding necessity for many promising scenarios, e.g., health care analysis. Sensitive data are collected and aggregated in a privacy-preserving approach using current Internet of Things (IoT) technology, leading to immense challenge and consequent interest in developing secure computing algorithms for individual and organizational data. However, most existing solutions focus on specific evaluations (e.g., SUM), and they use heavy cryptographic techniques, which are far from practice for constrained IoT devices. The Trusted Execution Environment (TEE, implemented with Intel SGX) can assist in computing arbitrary functions and avoiding resource-consuming operations. Nevertheless, TEE is subject to several challenges because TEE is vulnerable to limited resource and even function violations, e.g., the attacker may bypass the boundary of TEE. In this paper, we propose a lightweight non-interactive privacy-preserving data aggregation scheme for resource-constrained devices, named PANDA, where TEE is introduced to bypass the trusted entities requirement and heavy overhead. Additionally, PANDA explores the certificate-aided function authorization to prevent leakage from unauthorized functions, and designs the public verifiable certificate management to detect the abnormal behaviors of the host to mitigate the external host compromise. We formalize PANDA with rigorous security analysis to indicate privacy protection against the compromised aggregator and analyst. The evaluation results show that PANDA has constant online communication cost and lightweight computation overhead for constrained devices, which is suitable for IoT applications.

Hui Dou,Yuling Chen,Yixian Yang,Yangyang Long

DOI: https://doi.org/10.1007/s12652-020-02801-6

IF: 3.662

2021-02-10

Journal of Ambient Intelligence and Humanized Computing

Abstract:Abstract As a significant part of the Internet of things, wireless sensor networks (WSNs) is frequently implemented in our daily life. Data aggregation in WSNs can realize limited transmission and save energy. In the process of data aggregation, node data information is vulnerable to be eavesdropped and attacked. Therefore, it is of great significance to the research of data aggregation privacy protection in WSNs. We propose a secure and efficient privacy-preserving data aggregation algorithm (SECPDA) based on the original clustering privacy data aggregation algorithm. In this algorithm, we utilize SEP protocol to dynamically select cluster head nodes, introduce slicing idea for the private data slicing, and generate false information for interference. A comprehensive experimental evaluation is conducted to assess the data traffic and privacy protection performance. The results demonstrate that the proposed SECPDA algorithm can effectively reduce data traffic and further improve data privacy of nodes.

computer science, information systems,telecommunications, artificial intelligence

Zuyan Wang,Jun Tao,Dika Zou

2024-05-31

Abstract:The growing popular awareness of personal privacy raises the following quandary: what is the new paradigm for collecting and protecting the data produced by ever-increasing sensor devices. Most previous studies on co-design of data aggregation and privacy preservation assume that a trusted fusion center adheres to privacy regimes. Very recent work has taken steps towards relaxing the assumption by allowing data contributors to locally perturb their own data. Although these solutions withhold some data content to mitigate privacy risks, they have been shown to offer insufficient protection against disclosure attacks. Aiming at providing a more rigorous data safeguard for the Internet of Things (IoTs), this paper initiates the study of privacy-preserving data aggregation. We propose a novel paradigm (called RASE), which can be generalized into a 3-step sequential procedure, noise addition, followed by random permutation, and then parameter estimation. Specially, we design a differentially private randomizer, which carefully guides data contributors to obfuscate the truth. Then, a shuffler is employed to receive the noisy data from all data contributors. After that, it breaks the correct linkage between senders and receivers by applying a random permutation. The estimation phase involves using inaccurate data to calculate an approximate aggregate value. Extensive simulations are provided to explore the privacy-utility landscape of our RASE.

Cryptography and Security

Chang Xu,Lvhan Zhang,Liehuang Zhu,Chuan Zhang,Xiaojiang Du,Mohsen Guizani,Kashif Sharif

DOI: https://doi.org/10.1016/j.future.2020.04.021

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:Information-Centric Networking (ICN) is a novel future network architecture which in contrast to IP-based networks relies on content and its name. It separates the physical location of data from the discovery and forwarding process and solely relies on the content itself. For the Internet of Thing (IoT) networks, stripping the location information may provide privacy, but this does not translate to operational privacy. Attackers can infer user behavior patterns through operational privacy, by eavesdropping on meaningful information. The content name and designed signature in ICN can associate content with the identity of the provider, even if the IP address is hidden. Although several research efforts focus on the privacy protection of ICN, they do not consider the privacy implications of data aggregation. Most existing privacy-preserving data aggregation protocols are designed for special operations, such as sum, average, variance, max or min, and they cannot support arbitrary aggregation operations in the ciphertexts domain. Besides, the need for trusted authority (TA) restricts the use of existing protocols in the real world. In this paper, we propose a practical and privacy-preserving data aggregation scheme that can compute arbitrary aggregation functions without a TA. On one hand, our scheme can ensure users’ anonymity and privacy protection, while on the other, the scheme is efficient in enabling participants to join or leave the system dynamically. Security analysis shows that the proposed scheme can achieve the desired security properties, while experimental results demonstrate its effectiveness and efficiency.

Taeho Jung,Xufei Mao,Xiang-Yang Li,Shao-Jie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/infcom.2013.6567071

2013-01-01

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's privately owned data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either require secure pair-wise communication channels or suffer from high complexity. In this paper, we consider how an external aggregator or multiple parties can learn some algebraic statistics (e.g., sum, product) over participants' privately owned data while preserving the data privacy. We assume all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We propose several protocols that successfully guarantee data privacy under this weak assumption while limiting both the communication and computation complexity of each participant to a small constant.

Hao Ren,Hongwei Li,Xiaohui Liang,Shibo He,Yuanshun Dai,Lian Zhao

DOI: https://doi.org/10.3390/s16091463

IF: 3.9

2016-01-01

Sensors

Abstract:With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one.

Jianping He,Lin Cai,Peng Cheng,Min Xing,Jianping Pan,Ling Shi

2016-01-01

Abstract:Privacy-preserving data aggregation in ad hoc networks is a challenging problem, considering the distributed communication and control requirement, dynamic network topology, unreliable communication links, etc. The difficulty is exaggerated when there exist dishonest nodes, and how to ensure privacy, accuracy, and robustness against dishonest nodes remains an open issue. Different from the widely used cryptographic approaches, in this paper, we address this challenging problem by exploiting the distributed consensus technique. We first propose a secure consensus-based data aggregation (SCDA) algorithm that guarantees an accurate sum aggregation while preserving the privacy of sensitive data. Then, to mitigate the pollution from dishonest nodes, we propose an Enhanced SCDA (E-SCDA) algorithm that allows neighbors to detect dishonest nodes, and derive the error bound when there are undetectable dishonest nodes. {We prove the convergence of both SCDA and E-SCDA. We also prove that the proposed algorithms are $(epsilon, sigma)$-data-privacy, and obtain the mathematical relationship between $epsilon$ and $sigma$.} Extensive simulations have shown that the proposed algorithms have high accuracy and low complexity, and they are robust against network dynamics and dishonest nodes.

Kaizhong Zuo,Xixi Chu,Peng Hu,Tianjiao Ni,Tingting Jin,Fulong Chen,Zhangyi Shen

DOI: https://doi.org/10.1007/s11227-024-05995-0

IF: 3.3

2024-03-13

The Journal of Supercomputing

Abstract:The intelligent transportation system can make traffic decisions through the sensory data collected by vehicles to ensure driving safety, improve traffic efficiency and traffic environment. Thus, the system has been widely concerned by industry and academia. However, the intelligent transportation system confronts several challenges in location privacy protection and data security during data aggregation. To solve these challenges, we propose a security-enhanced privacy-preserving data aggregation scheme for the intelligent transportation system, named SEPDA. Specifically, the SEPDA scheme utilizes the Chinese Remainder Theorem, Modified Paillier Cryptosystem and T-N Threshold Sharing to protect the location privacy and information security of vehicles, and obtains the mean and variance in the data report reading and analytics process. The SEPDA also uses the threshold cryptosystem to enhance the security of the traffic management center, which can avoid single-point attacks. Meanwhile, SEPDA employs batch authentication technology to reduce authentication overhead. Detailed security analysis and performance evaluation show that the SEPDA can resist various security threats and has low computational complexity, communication overhead and communication delay.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Jianping He,Lin Cai,Peng Cheng,Jianping Pan,Ling Shi

DOI: https://doi.org/10.1109/tac.2019.2910171

IF: 6.549

2019-01-01

IEEE Transactions on Automatic Control

Abstract:Privacy-preserving data aggregation (DA) in ad hoc networks is a challenging problem, considering the distributed communication and control requirement, dynamic network topology, unreliable communication links, etc. Different from the widely used cryptographic approaches, in this paper, we address this challenging problem by exploiting the distributed consensus technique. We first propose a secure consensus-based DA algorithm that guarantees an accurate sum aggregation while preserving the privacy of sensitive data. Then, we prove that the proposed algorithm converges accurately and is (epsilon, sigma)-data privacy, and the mathematical relationship between epsilon and sigma is provided. Extensive simulations have shown that the proposed algorithm has high accuracy and low complexity, and they are robust against network dynamics.

Shaowei Wang,Liusheng Huang,Miaomiao Tian,Wei Yang,Hongli Xu,Hansong Guo

DOI: https://doi.org/10.1109/glocom.2015.7417364

2015-01-01

Abstract:Histogram estimation is one of the fundamental tasks in crowdsourcing data aggregation. Since contributing data reveal more or less information about individuals' identifications and activities, participants need to preserve privacy of data according to their own levels of privacy concern. However, most of the existing work only aggregates data with an identical privacy level. In this paper, we propose an aggregation scheme for histogram estimation, wherein participants can publish their data at personalized differential-privacy levels. The aggregator also benefits from potential wider engagement or more honest data. Specially, since privacy levels under personalized privacy policy are sensitive information for participants, our scheme permits participants to keep their privacy levels secret even from the aggregator. We also show how to further optimize the estimation accuracy under given privacy levels by choosing specific randomization strategies.

Taeho Jung,XuFei Mao,Xiang-Yang Li,Shaojie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/INFCOM.2013.6567071

2013-04-12

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either assume to have a secure channel or suffer from high complexity. Here we consider how an external aggregator or multiple parties learn some algebraic statistics (e.g., summation, product) over participants' data while any individual's input data is kept secret to others (the aggregator and other participants). We assume channels in our construction are insecure. That is, all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We successfully guarantee data confidentiality under this weak assumption while limiting both the communication and computation complexity to at most linear.

Cryptography and Security

Qing Yang,Fujun Ji,Fei Liu

DOI: https://doi.org/10.1155/2024/5374764

IF: 2.249

2024-03-08

Journal of Advanced Transportation

Abstract:Mobile smart devices, such as mobile phones, wearable devices, and in-vehicle navigation systems, bring us convenience and have become necessities in modern daily life. The built-in global positioning system (GPS) of these mobile devices collects the users’ mobility data to support path planning, navigation and other location-related applications, which also inevitably causes privacy issues. Previous research has shown that employing count-min sketch (CMS) to aggregate mobility datasets is a valid privacy-preserving method for resisting the reconstruction attack on population distributions. However, as the utility/accessibility of the protected datasets is excessively correlated with the size of CMS, decreasing the data transmission cost has become an unsolved issue of that approach. In this paper, we propose an efficient scheme with differential privacy to protect mobility datasets, which releases the privacy-preserving population distributions and achieves better utility as well as a much smaller data transmission cost compared to the CMS-based method. Our proposed scheme is comprised of two collaborative components, global sketch and temporal sketch. The global sketch is responsible for aggregating the raw mobility data and decreasing the data transmission cost, while the temporal sketch is in charge of guaranteeing the utility of the population distributions aggregated by the global sketch. Besides, to enhance the privacy preservation, we employ the Laplace mechanism to make the transmitted data satisfy ε -differential privacy. Through our analysis and empirical experiments, compared to the other three state-of-the-art privacy-preserving methods on mobility datasets, our scheme could preserve the privacy of the mobility datasets with much less data transmission cost under the same utility loss.

transportation science & technology,engineering, civil

Xin-Yuan Zhang,Liu-Sheng Huang,Shao-Wei Wang,Zhen-Yu Zhu,Hong-Li Xu

DOI: https://doi.org/10.2991/icwcsn-16.2017.45

2016-01-01

Abstract:The aggregation of residents' private data drives improvements in the smart homes, however it comes with compromising on privacy. Hence, privacy preservation has become an increasing requirement for residents. Since users might have different privacy requirements, and their privacy requirements might be sensitive information, smart homes need a privacy preservation scheme to meet their demands. In this scheme, a user preserves the privacy of his/her data and privacy level locally by specifying his own privacy level in confidence, without trusting anyone else in smart homes. In addition, a user replies a single data element to the collector each time, instead of the whole dataset. It makes the scheme more challenging than the traditional centralized situation. In this paper, we propose a novel personalized local differential privacy preservation scheme for smart homes, which retains desirable utility while providing rigorous privacy guarantee.

Lei Zhang,Honggang Zhang,Mauro Conti,Roberto Di Pietro,Sushil Jajodia,Luigi Vincenzo Mancini

DOI: https://doi.org/10.1007/s11235-011-9539-8

2011-01-01

Abstract:In this paper, we propose two efficient and privacy-preserving data aggregation protocols for WSNs: PASKOS (Privacy preserving based on Anonymously Shared Keys and Omniscient Sink) and PASKIS (Privacy preserving based on Anonymously Shared Keys and Ignorant Sink)-requiring low overhead. Both protocols guarantee privacy preservation and a high data-loss resilience. In particular, PASKOS effectively protects the privacy of any node against other nodes, by requiring O(log N) communication cost in the worst case and O(1) on average, and O(1) as for memory and computation. PASKIS can even protect a node's privacy against a compromised sink, requiring only O(1) overhead as for computation, communication, and memory; however, these gains in efficiency are traded-off with a (slightly) decrease in the assured level of privacy.A thorough analysis and extensive simulations demonstrate the superior performance of our protocols against existing solutions in terms of privacy-preserving effectiveness, efficiency, and accuracy of computed aggregation.