Lei Tan,Huiting Fan,Weikang Rui,Zhonghu Xu,Shuo Zhang,Jing Xu,Kai Xing

DOI: https://doi.org/10.1007/978-3-319-42836-9_25

2016-01-01

Abstract:With the raising popularity of online/mobile social applications, many individuals are increasingly attracted to their relative positions when compared to others in terms of emotional mood, travelling location, walking distance, fitness status, etc. These interest can be summarized as one question "where am I in my community?". However, it often forms a deadlock that people are interested in the others' data but are unwilling to disclose their own information (mood, health, etc.).In order to break the deadlock, we propose a privacy preserving participatory sensing scheme that will not disclose individual's privacy. Specifically, we present a privacy preservation data gathering approach and adopt an improved data mining algorithm to acquire a polynomial approximation function model on distributed user data to provide a privacy preservation method in participatory sensing. Experiments demonstrate that our approach can achieve a valid result comparing with the result without privacy preservation.

Guang Yang,Shibo He,Junshan Zhang,Zhiguo Shi

DOI: https://doi.org/10.1109/tvt.2019.2950907

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsensing has been recognized as a promising data collection paradigm, in which a platform outsources sensing tasks to a large number of users. However, requesting users to report raw data may give rise to many practical concerns, such as a significant overhead of communication and central processing, besides users' privacy concerns. In many scenarios (e.g, advertising and recommendation), the data collector directly benefits from statistical aggregation of raw data. Thus motivated, we consider the data collection problem based on user's local histograms, which is intimately related to the fundamental trade-off between the platform's accuracy and users' privacy. Because of users' social relationship, their data are often correlated, indicating that users' privacy may be leaked from others' data. To tackle this challenge, we first utilize Gaussian Markov random fields to model the correlation structure embedded in users' data. The data collection is modeled as a Stackelberg game where the platform decides its reward policy and users decide their noise levels while taking into account the social coupling among users. For the reward policy design, we first establish the relationship between users' Nash equilibrium and the payment mechanism, and then optimize the platform's accuracy under a budget constraint. Further, since the noise levels are users' private information, they may use falsified noise levels to achieve higher payoffs, which in turn impairs the crowdsensing performance. It turns out that with the insight into the correlation structure among users' data, the information asymmetry can be overcome based on peer prediction. We revisit the payment mechanism to guarantee dominant truthfulness of each user's strategy. Theoretical analysis and numerical results demonstrate the effectiveness of the proposed mechanism.

Lei Yang,Mengyuan Zhang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1145/3209582.3209598

2018-01-01

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for a sensing task. In this framework, the workers are allowed to report privacy-preserving versions of their data to protect their data privacy; and the platform selects workers based on their sensing capabilities, which aims to address the drawbacks of game-theoretic models that cannot ensure the accuracy level of the aggregated result, due to the existence of multiple Nash Equilibria. Observe that in this auction based framework, there exists externalities among workers' data privacy, because the data privacy of each worker depends on both her injected noise and the total noise in the aggregated result that is intimately related to which workers are selected to fulfill the task. To achieve a desirable accuracy level of the data aggregation in a cost-effective manner, we explicitly characterize the externalities, i.e., the impact of the noise added by each worker on both the data privacy and the accuracy of the aggregated result. Further, we explore the problem structure, characterize the hidden monotonicity property of the problem, and determine the critical bid of workers, which makes it possible to design a truthful, individually rational and computationally efficient incentive mechanism. The proposed incentive mechanism can recruit a set of workers to approximately minimize the cost of purchasing private sensing data from workers subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Mengyuan Zhang,Lei Yang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2021.3056490

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers' privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Li Kuang,Yujia Zhu,Shuqi Li,Xuejin Yan,Han Yan,Shuiguang Deng

DOI: https://doi.org/10.1155/2018/3486529

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:With the rapid development of sensor acquisition technology, more and more data are collected, analyzed, and encapsulated into application services. However, most of applications are developed by untrusted third parties. Therefore, it has become an urgent problem to protect users’ privacy in data publication. Since the attacker may identify the user based on the combination of user’s quasi-identifiers and the fewer quasi-identifier fields result in a lower probability of privacy leaks, therefore, in this paper, we aim to investigate an optimal number of quasi-identifier fields under the constraint of trade-offs between service quality and privacy protection. We first propose modelling the service development process as a cooperative game between the data owner and consumers and employing the Stackelberg game model to determine the number of quasi-identifiers that are published to the data development organization. We then propose a way to identify when the new data should be learned, as well, a way to update the parameters involved in the model, so that the new strategy on quasi-identifier fields can be delivered. The experiment first analyses the validity of our proposed model and then compares it with the traditional privacy protection approach, and the experiment shows that the data loss of our model is less than that of the traditional k-anonymity especially when strong privacy protection is applied.

Xu Zheng,Zhipeng Cai,Guangchun Luo,Ling Tian,Xiao Bai

DOI: https://doi.org/10.1016/j.future.2018.04.020

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Community detection is a pivotal task for understanding user behaviors in online social networks, in which a third-party server can partition the users with close social relationships and similar behaviors into a same group. The existing approaches for community detection usually request full access to detailed social connections among users, which are usually sensitive. How to derive a meaningful community structure while not disclosing sensitive information remains unsettled. In this work, a novel framework is proposed to discover community structure in online social networks while preserving sensitive link information. The framework takes both social connections and users’ published contents into consideration. It also provides the flexibility in which a third-party server can adaptively select the concerned subgraph. The experiment results towards a real world dataset show that the proposed framework outperforms the baseline algorithm and can achieve a high accuracy on the discovered community structure.

Xuemeng Song,Xiang Wang,Liqiang Nie,Xiangnan He,Zhumin Chen,Wei Liu

DOI: https://doi.org/10.1145/3209978.3209995

2018-01-01

Abstract:The booming of social networks has given rise to a large volume of user-generated contents (UGCs), most of which are free and publicly available. A lot of users' personal aspects can be extracted from these UGCs to facilitate personalized applications as validated by many previous studies. Despite their value, UGCs can place users at high privacy risks, which thus far remains largely untapped. Privacy is defined as the individual's ability to control what information is disclosed, to whom, when and under what circumstances. As people and information both play significant roles, privacy has been elaborated as a boundary regulation process, where individuals regulate interaction with others by altering the openness degree of themselves to others. In this paper, we aim to reduce users' privacy risks on social networks by answering the question of Who Can See What. Towards this goal, we present a novel scheme, comprising of descriptive, predictive and prescriptive components. In particular, we first collect a set of posts and extract a group of privacy-oriented features to describe the posts. We then propose a novel taxonomy-guided multi-task learning model to predict which personal aspects are uncovered by the posts. Lastly, we construct standard guidelines by the user study with 400 users to regularize users' actions for preventing their privacy leakage. Extensive experiments on a real-world dataset well verified our scheme.

Yaliang Li,Houping Xiao,Zhan Qin,Chenglin Miao,Lu Su,Jing Gao,Kui Ren,Bolin Ding

DOI: https://doi.org/10.1109/icdcs47774.2020.00037

2020-01-01

Abstract:Nowadays, crowd sensing becomes increasingly more popular due to the ubiquitous usage of mobile devices. However, the quality of such human-generated sensory data varies significantly among different users. To better utilize sensory data, the problem of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has emerged as a hot topic. Although the existing truth discovery approaches can provide reliable aggregated results, they fail to protect the private information of individual users. Moreover, crowd sensing systems typically involve a large number of participants, making encryption or secure multi-party computation based solutions difficult to deploy. To address these challenges, in this paper, we propose an efficient privacy-preserving truth discovery mechanism with theoretical guarantees of both utility and privacy. The key idea of the proposed mechanism is to perturb data from each user independently and then conduct weighted aggregation among users’ perturbed data. The proposed approach is able to assign user weights based on information quality, and thus the aggregated results will not deviate much from the true results even when large noise is added. We adapt local differential privacy definition to this privacy-preserving task and demonstrate the proposed mechanism can satisfy local differential privacy while preserving high aggregation accuracy. We formally quantify utility and privacy trade-off and further verify the claim by experiments on both synthetic data and a real-world crowd sensing system.

Xuebin Ren,Chia-Mu Yu,Wei Yu,Xinyu Yang,Jun Zhao,Shusen Yang

DOI: https://doi.org/10.1109/JIOT.2020.3020089

2020-09-30

Abstract:In Internet of Things (IoT) driven smart-world systems, real-time crowd-sourced databases from multiple distributed servers can be aggregated to extract dynamic statistics from a larger population, thus providing more reliable knowledge for our society. Particularly, multiple distributed servers in a decentralized network can realize real-time collaborative statistical estimation by disseminating statistics from their separate databases. Despite no raw data sharing, the real-time statistics could still expose the data privacy of crowd-sourcing participants. For mitigating the privacy concern, while traditional differential privacy (DP) mechanism can be simply implemented to perturb the statistics in each timestamp and independently for each dimension, this may suffer a great utility loss from the real-time and multi-dimensional crowd-sourced data. Also, the real-time broadcasting would bring significant overheads in the whole network. To tackle the issues, we propose a novel privacy-preserving and communication-efficient decentralized statistical estimation algorithm (DPCrowd), which only requires intermittently sharing the DP protected parameters with one-hop neighbors by exploiting the temporal correlations in real-time crowd-sourced data. Then, with further consideration of spatial correlations, we develop an enhanced algorithm, DPCrowd+, to deal with multi-dimensional infinite crowd-data streams. Extensive experiments on several datasets demonstrate that our proposed schemes DPCrowd and DPCrowd+ can significantly outperform existing schemes in providing accurate and consensus estimation with rigorous privacy protection and great communication efficiency.

Distributed, Parallel, and Cluster Computing

Wenlong Shen,Bo Yin,Yu Cheng,Xianghui Cao,Qing Li

DOI: https://doi.org/10.1109/icc.2017.7997369

2017-01-01

Abstract:Mobile crowd sensing presents a new sensing paradigm which allows an individual participant with mobile device perform sensing tasks and activities of professional organizations. Privacy is one major concern in the mobile crowd sensing application. In this paper, we first present a fog-assisted mobile crowd sensing architecture, then we propose two privacy-preserving crowd sensing schemes for two categories of crowd sensing applications. The first scheme is based on an additive homomorphic encryption algorithm and allows the service subscriber collect the statistical data without revealing the individual data from each participant. The second scheme is based on a bitwise-XOR homomorphic encryption algorithm and allows the service subscriber collect the accurate data without know which data is from which participant. The proposed schemes can achieve κ-anonymity privacy level for each participant. We also give the performance analysis of the proposed schemes.

Chenglin Miao,Wenjun Jiang,Lu Su,Yaliang Li,Suxin Guo,Zhan Qin,Houping Xiao,Jing Gao,Kui Ren

DOI: https://doi.org/10.1145/3277505

2019-02-21

ACM Transactions on Sensor Networks

Abstract:The recent proliferation of human-carried mobile devices has given rise to the crowd sensing systems. However, the sensory data provided by individual participants are usually not reliable. To better utilize such sensory data, the topic of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has drawn significant attention. Though able to improve aggregation accuracy, existing truth discovery approaches fail to address the privacy concerns of individual users. In this article, we propose a novel privacy-preserving truth discovery (PPTD) framework, which can protect not only users’ sensory data but also their reliability scores derived by the truth discovery approaches. The key idea of the proposed framework is to perform weighted aggregation on users’ encrypted data using a homomorphic cryptosystem, which can guarantee both high accuracy and strong privacy protection. In order to deal with large-scale data, we also propose to parallelize PPTD with MapReduce framework. Additionally, we design an incremental PPTD scheme for the scenarios where the sensory data are collected in a streaming manner. Extensive experiments based on two real-world crowd sensing systems demonstrate that the proposed framework can generate accurate aggregated results while protecting users’ private information.

computer science, information systems,telecommunications

Fan Peng,Shaohua Tang,Bowen Zhao,Yuxian Liu

DOI: https://doi.org/10.1145/3321408.3321602

2019-01-01

Abstract:Mobile crowdsensing (MCS) is increasingly being used in smart city research to collect data, such as environmental assessment and traffic monitoring. However, this approach introduces a number of privacy and efficiency challenges, as sensing report includes the user's sensitive location and assigned attributes. Many methods adopt differential privacy scheme to protect users' privacy, while the assumption that the server is trusted is not realistic in practical application. Recently, local differential privacy has paved the way for more efficient and private data collection for the untrusted model, though it remains a challenge to obtain effective statistical analysis when applied to small and medium-sized MCS tasks. In this paper, we improve the local ∈-differential privacy method for MCS data aggregation to preserve participant privacy and achieve accurate data analysis. Considering the different attributes of sensing data, we first adopt a distinct local differential privacy procedure to diverse sensing attributes. Then we propose a data aggregation algorithm to count and remove the noise data provided by participants. Simulation results show that the proposed scheme improves analysis accuracy and reduces the lowest number of participants in a task, compared with existing similar solutions.

Kai Xing,Chunqiang Hu,Jiguo Yu,Xiuzhen Cheng,Fengjuan Zhang

DOI: https://doi.org/10.1109/tii.2017.2695487

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:In this paper, we consider the problem of mutual privacy protection in social participatory sensing in which individuals contribute their private information to build a (virtual) community. Particularly, we propose a mutual privacy preserving $k$-means clustering scheme that neither discloses an individual's private information nor leaks the community's characteristic data (clusters). Our scheme contains two privacy-preserving algorithms called at each iteration of the $k$-means clustering. The first one is employed by each participant to find the nearest cluster while the cluster centers are kept secret to the participants; and the second one computes the cluster centers without leaking any cluster center information to the participants while preventing each participant from figuring out other members in the same cluster. An extensive performance analysis is carried out to show that our approach is effective for $k$ -means clustering, can resist collusion attacks, and can provide mutual privacy protection even when the data analyst colludes with all except one participant.

Xuebin Ren,Chia-Mu Yu,Wei Yu,Xinyu Yang,Jun Zhao,Shusen Yang

DOI: https://doi.org/10.1109/jiot.2020.3020089

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:In Internet-of-Things (IoT)-driven smart-world systems, real-time crowdsourced databases from multiple distributed servers can be aggregated to extract dynamic statistics from a larger population, thus providing more reliable knowledge for our society. Particularly, multiple distributed servers in a decentralized network can realize real-time collaborative statistical estimation by disseminating statistics from their separate databases. Despite no raw data sharing, the real-time statistics could still expose the data privacy of crowdsourcing participants. For mitigating the privacy concern, while the traditional differential privacy (DP) mechanism can be simply implemented to perturb the statistics in each timestamp and independently for each dimension, this may suffer a great utility loss from the real-time and multidimensional crowdsourced data. Also, the real-time broadcasting would bring significant overheads in the whole network. To tackle the issues, we propose a novel privacy preserving and communication-efficient decentralized statistical estimation algorithm (DPCrowd), which only requires intermittently sharing the DP protected parameters with one-hop neighbors by exploiting the temporal correlations in real-time crowdsourced data. Then, with further consideration of spatial correlations, we develop an enhanced algorithm, DPCrowd+, to deal with multidimensional infinite crowd-data streams. Extensive experiments on several data sets demonstrate that our proposed schemes DPCrowd and DPCrowd+ can significantly outperform existing schemes in providing accurate and consensus estimation with rigorous privacy protection and great communication efficiency.

Caiqin Nong,Shaohua Tang,Yuanyuan Zhang

DOI: https://doi.org/10.1109/desec.2018.8625121

2018-01-01

Abstract:Crowd-sensing applications, such as traffic monitoring and environmental detection, have brought great convenience to people's lives, but they also face with some problems, for example, participant's privacy leakage at sensing phase, querier's privacy leakage at service phase, and so on. However, the existing privacy protection solutions are difficult to solve the above problems simultaneously. In response to this situation, we design a privacy-preserving metro passenger flow acquisition and query system that can settle these issues simultaneously. Our system can not only provide the metro passenger flow query service, which makes it convenient for the people, but also protect the participant's identity and location privacy as well as querier's query privacy. We exploit the Paillier cryptosystem, pseudonym mechanism, and Secure kNN to achieve these properties in our system. Besides, we also realized the participant accountability, which means that a malicious participant can be banned from participating in the system tasks and prosecuted if he/she is detected to “pollutes” the aggregation results. The privacy analysis and experiments demonstrate that our system is practical and meet the privacy preserving and security requirement.

Kai Xing,Zhiguo Wan,Pengfei Hu,Haojin Zhu,Yuepeng Wang,Xi Chen,Yang Wang,Liusheng Huang

DOI: https://doi.org/10.1109/infcom.2013.6567116

2013-01-01

Abstract:As the advancement of sensing and networking technologies, participatory sensing has raised more and more attention as it provides a promising way enabling public and professional users to gather and analyze private data to understand the world. However, in these participatory sensing applications both data at the individuals and analysis results obtained at the users are usually private and sensitive to be disclosed, e.g., locations, salaries, utility usage, consumptions, behaviors, etc. A natural question, also an important but challenging problem is how to keep both participants and users data privacy while still producing the best analysis to explain a phenomenon.In this paper, we have addressed this issue and proposed M-PERM, a mutual privacy preserving regression modeling approach. Particularly, we launch a series of data transformation and aggregation operations at the participatory nodes, the clusters, and the user. During regression model fitting, we provide a new way for model fitting without any need of the original private data or the exact knowledge of the model expression. To evaluate our approach, we conduct both theoretical analysis and simulation study. The evaluation results show that the proposed approach produces exactly the same best model as if the original private data were used without leakage of the fitted model to any participatory nodes, which is a significant advance compared with the existing approaches [1-5]. It is also shown that the data gathering design is able to reach maximum privacy protection under certain conditions and be robust against collusion attack. Furthermore, compared with existing works under the same context (e.g., [1-5]), to our best knowledge it is the first work showing that not only the model coefficients estimation but also a series of regression analysis and model selection methods are reachable in mutual privacy preserving data analysis scenarios such as participatory sensing.

Chenglin Miao,Wenjun Jiang,Lu Su,Yaliang Li,Suxin Guo,Zhan Qin,Houping Xiao,Jing Gao,Kui Ren

DOI: https://doi.org/10.1145/2809695.2809719

2015-01-01

Abstract:The recent proliferation of human-carried mobile devices has given rise to the crowd sensing systems. However, the sensory data provided by individual participants are usually not reliable. To identify truthful values from the crowd sensing data, the topic of truth discovery, whose goal is to estimate user quality and infer truths through quality-aware data aggregation, has drawn significant attention. Though able to improve aggregation accuracy, existing truth discovery approaches fail to take into consideration an important issue in their design, i.e., the protection of individual users' private information. In this paper, we propose a novel cloud-enabled privacy-preserving truth discovery (PPTD) framework for crowd sensing systems, which can achieve the protection of not only users' sensory data but also their reliability scores derived by the truth discovery approaches. The key idea of the proposed framework is to perform weighted aggregation on users' encrypted data using homomorphic cryptosystem. In order to deal with large-scale data, we also propose to parallelize PPTD with MapReduce framework. Through extensive experiments on not only synthetic data but also real world crowd sensing systems, we justify the guarantee of strong privacy and high accuracy of our proposed framework.

Huijun Dai,Yi Shen,Xiaolin Gui

DOI: https://doi.org/10.1109/SNSP.2018.00028

2018-01-01

Abstract:The trade-off among individual privacy, data utility and data feature of service has been a great concern when designing and evaluating privacy preserving schemes in trajectories publishing. The trajectories data is spatial and temporal correlated strongly. So, Privacy-preserving over them should take the human behaviors and their status into account. In this paper, we develop a novel method to investigate and analyze users' behaviors as well as the crowd density after abstracting users' ROIs. Finally, we evaluate the privacy stress via a well-designed indictor based on the trajectories visualization and analyzation. Experiments show that the method is capable of effectively finding both crowd living patterns and distribution, and the proposed indictor can quantize the mobility data utility precisely in grid.

Ting Li,Zhijin Qiu,Lijuan Cao,Hanshang Li,Zhongwen Guo,Fan Li,Xinghua Shi,Yu Wang

DOI: https://doi.org/10.1109/pccc.2018.8710827

2018-01-01

Abstract:In mobile crowdsensing (MCS), to select the optimal set of participants for a particular sensing task, the cloud-based MCS platform requires mobile users to submit their bids and their sensing quality data. This can cause privacy breaches. One possible solution is to leverage secure sharing or bidding schemes to protect participants' personal information during selection. However, these schemes suffer from high overheads, poor scalability and more importantly, the group formation has never been studied. To address this issue and to enhance the protection of user privacy, we propose a set of novel privacy-preserving grouping methods, which place participants into small groups over hierarchical edge clouds. By doing this, not only can the participants be hidden in groups, but also the overall privacy-preserving participant selection becomes more scalable. The design goal to minimize the communication cost during secure sharing/bidding within groups, while satisfying each participant's requirement for privacy preservation. For different scenarios and optimization functions, we propose a set of grouping schemes to fulfill this goal. Extensive simulations over both synthetic and real-life datasets illustrate the efficiency of proposed mechanisms.

Shushu Liu,An Liu,Guanfeng Liu,Zhixu Li,Jiajie Xu,Pengpeng Zhao,Lei Zhao

DOI: https://doi.org/10.1007/978-3-319-25255-1_64

2015-01-01

Abstract:The well-known cold start problem in traditional collaborative filtering based recommender systems can be effectively addressed by social recommendation, which has been witnessed by a number of researches recently in many application domains. The social graph used in social recommendation is typically owned by a third party such as Facebook and Twitter, and should be hidden from recommender systems for obvious reasons of commercial benefits, as well as due to privacy legislation. In this paper, we present a secure and efficient framework for privacy preserving social recommendation. Our framework is built on mature cryptographic building blocks, including Paillier cryptosystem and Yao' protocol, which lays a solid foundation for the security of our framework. Using our framework, the owner of sales data and the owner of social graph can cooperatively compute social recommendation, without revealing their private data to each other. We theoretically prove the security and analyze the complexity of our framework. Empirical study shows our framework has a linear complexity with respect to the number of users and items in recommender systems and is practical in real applications.