Xiuwen Liu,Yanjiao Chen

DOI: https://doi.org/10.1016/j.comnet.2022.109507

2022-01-01

SSRN Electronic Journal

Abstract:In mobile crowdsensing systems, the public crowd are required to report data with actual locations under location privacy vulnerabilities. Moreover, even sensing data itself further deepens location privacy breaches. Existing works allow each worker to consider his own privacy, but the accumulated privacy budget will lower down group data privacy of each sensing region. Moreover, multi-region spatial data correlations indicate that multi-group correlated data privacy may be leaked from each other. To this end, we develop a novel MCS framework, called GDA-Crowd(Group effect-based Data Aggregation), which consists of three parts: location obfuscation and aggregation, group effect-based data privacy and aggregation, and incentive mechanism. We start from individual location privacy guarantee and propose a location aggregation method to cluster workers into groups. Then, we exploit intra-group effect, i.e., data privacy interdependence under the judicious selection of workers’ participation, to enhance privacy-accuracy balance. Moreover, multi-group global histogram incorporates inter-group effect, i.e., correlated privacy loss from spatial data correlations, into inter-group data aggregation. Finally, we design a truthful, individually rational and computationally efficient incentive mechanism for participant selection. The synopsis of contributions includes dual privacy protection, dual group effect for desirable privacy-accuracy tradeoff, synergies among incentive mechanism, privacy-preserving data aggregation for approximate optimality. Theoretical analysis and extensive experiments validate our effectiveness and superiority.

Leye Wang,Daqing Zhang,Dingqi Yang,Brian Y. Lim,Xiao Han,Xiaojuan Ma

DOI: https://doi.org/10.1109/tifs.2020.2975925

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Sparse Mobile Crowdsensing (MCS) has become a compelling approach to acquire and make inference on urban-scale sensing data. However, participants risk their location privacy when reporting data with their actual sensing positions. To address this issue, we adopt e-differential-privacy in Sparse MCS to provide a theoretical guarantee for participants' location privacy regardless of an adversary's prior knowledge. Furthermore, to reduce the data quality loss caused by differential location obfuscation, we propose a privacypreserving framework with three components. First, we learn a data adjustment function to fit the original sensing data to the obfuscated location. Second, we apply a linear program to select an optimal location obfuscation function, which aims to minimize the uncertainty in data adjustment. We also propose a fast approximated variant. Third, we propose an uncertaintyaware inference algorithm to improve the inference accuracy of obfuscated data. Evaluations with real environment and traffic datasets show that our optimal method reduces the data quality loss by up to 42% compared to existing differential privacy methods.

Mengdi Huai,Liusheng Huang,Yu-e Sun,Wei Yang

DOI: https://doi.org/10.1109/bdcloud.2015.54

2015-01-01

Abstract:Mobile crowdsensing applications can learn the aggregate statistics over personal data to produce useful knowledge about the world. Since personal data may be privacy-sensitive, the aggregator should only gain desired statistics without learning anything about the personal data. Differential privacy, the state-of-the-art privacy mechanism, can provide strong protection to ensure parties' privacy in such scenarios. Correspondingly, based on the differential privacy, many collusion-tolerant aggregation schemes have been proposed. However, those collusion-tolerant schemes usually incur high accumulated error and also require the priori knowledge of the fraction of those colluded parties. In this paper, we propose a differential-private collusion-tolerant aggregation protocol, while incurring no additionally error except the noise required for providing the differential privacy guarantee. Another salient characteristic of the proposed protocol is that it need not to have an priori estimation of those colluded parties. In addition, we also design an efficient aggregation encryption scheme to support those mobile crowdsensing applications where large plaintext is required. We also make some extensions to make the proposed protocol more applicable in realities, such as the fault tolerant. The analysis shows that the proposed protocol can achieve desired goals, and the performance evaluation demonstrates the protocol's efficiency in reality.

Lei Yang,Mengyuan Zhang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1145/3209582.3209598

2018-01-01

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for a sensing task. In this framework, the workers are allowed to report privacy-preserving versions of their data to protect their data privacy; and the platform selects workers based on their sensing capabilities, which aims to address the drawbacks of game-theoretic models that cannot ensure the accuracy level of the aggregated result, due to the existence of multiple Nash Equilibria. Observe that in this auction based framework, there exists externalities among workers' data privacy, because the data privacy of each worker depends on both her injected noise and the total noise in the aggregated result that is intimately related to which workers are selected to fulfill the task. To achieve a desirable accuracy level of the data aggregation in a cost-effective manner, we explicitly characterize the externalities, i.e., the impact of the noise added by each worker on both the data privacy and the accuracy of the aggregated result. Further, we explore the problem structure, characterize the hidden monotonicity property of the problem, and determine the critical bid of workers, which makes it possible to design a truthful, individually rational and computationally efficient incentive mechanism. The proposed incentive mechanism can recruit a set of workers to approximately minimize the cost of purchasing private sensing data from workers subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Xudong Wang,Chenhao Ying,Yuan Luo

DOI: https://doi.org/10.1109/globecom42002.2020.9322169

2020-01-01

Abstract:In recent years, crowdsensing has received extensive attention both in academia and industry. However, most of the prior works are based on centralized framework, where the users upload the sensor data to a platform alone. In this paper, we propose a decentralized data aggregation algorithm for crowdsensing, in which, participants negotiate the average of their sensor data in a pure distributed manner while enjoying differential privacy guarantee. Taking participants’ privacy into consideration, we first redesign a distributed averaging algorithm by artificially adding random noise to accommodate the mobile crowdsensing scenario, where the sensor data may be sensible. We prove that, though random noises are involved, our algorithm almost surely yields an unbiased estimate of the exact average. We further theoretically formulate the trade-offs between differential privacy and the accuracy of the algorithm. Finally, we give the optimal choice for the additive noise with respect to the variance minimization of the estimate. The extensive simulations and realword test demonstrate the effectiveness of our algorithm.

Xingfu Yan,Wing W. Y. Ng,Bowen Zhao,Yuxian Liu,Ying Gao,Xiumin Wang

DOI: https://doi.org/10.1109/tdsc.2023.3277831

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Privacy-preserving data aggregation in mobile crowdsensing (MCS) focuses on mining information from massive sensing data while protecting users' privacy. The existence of multiple concurrent tasks is common in urban environments, so privacy-preserving multi-task data aggregation is essential and useful to a large-scale crowdsensing server. However, existing privacy-preserving data aggregation schemes in MCS mainly focus on the single-task data aggregation and the privacy protection of user's data. Little attention is paid to the privacy of user's decision of accepting tasks. Therefore, we propose a privacy-preserving and server-oriented efficient multi-task data aggregation scheme for MCS based fog computing. The proposed scheme can aggregate multiple concurrent tasks from multiple requesters (e.g., for 9 tasks, the proposed scheme completes all tasks in one round as opposed to existing schemes, which finish 9 tasks in nine rounds). Our scheme protects the privacy of user's decision, user's data, and aggregation result of each requester under collusion attacks. Through formal security analyses, our scheme is proved to be secure and privacy-preserving. Both theoretical analyses and experiments show our scheme is efficient.

Mengyuan Zhang,Lei Yang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2021.3056490

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers' privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Xingfu Yan,Biao Zeng,Xinglin Zhang

DOI: https://doi.org/10.1109/jiot.2022.3168745

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Data aggregation is a fundamental problem in mobile crowdsensing (MCS). However, the existing approaches are still unsatisfactory considering the privacy protection of sensing data and aggregation results. In addition, most existing privacy-preserving data aggregation schemes can only support a single type of aggregation, which limits their application scenarios. To address these issues, we propose a novel privacy-preserving and customization-supported data aggregation scheme that can achieve multiple types of aggregation. Specifically, we utilize additive secret sharing ( $\mathcal {ASS}$ ) to protect the privacy of both sensing data and aggregation results and then propose a simplified secure triplet generation protocol based on $\mathcal {ASS}$ to construct secure aggregation operations. Moreover, we design a secure comparison (SC) algorithm and a secure top- $K$ algorithm to realize customized aggregation (i.e., statistical aggregation over top- $K$ largest or smallest values of sensing data). The formal theoretical analysis demonstrates that the proposed scheme is effective, and the extensive experiments conducted on a real-world data set show that the proposed approach is privacy preserving and efficient.

Qiong Zhang,Taochun Wang,Yuan Tao,Nuo Xu,Fulong Chen,Dong Xie

DOI: https://doi.org/10.1016/j.adhoc.2024.103464

IF: 4.816

2024-03-06

Ad Hoc Networks

Abstract:With the widespread popularity of smart phones, watches and other devices, mobile crowdsensing (MCS) has gradually entered the public's field of vision. However, the widespread use of MCS technology is accompanied by an increasing risk of workers' personal privacy being violated. Typically, workers are required to submit location information in order to participate in task assignments, and the privacy of a worker's location information is a key factor in determining worker participation. Therefore, in order to solve the problem of workers location privacy leakage in the process of task allocation, this paper proposes a location privacy protection method based on local differential privacy (VLDPP). VLDPP constructs a task map based on Voronoi diagram according to the task location, and each task location is mapped into a task area to hide the task location. A local coordinate system is constructed based on the task area, and all workers in the area have their relative location coordinates recalculated and encoded, and then the encoding is perturbed by local differential privacy, thus ensuring workers location privacy. The worker uploads the perturbed location information to the server, which determines the workers in the task by calculating the worker's acceptance rate and completes the task allocation. In addition, this paper improves the availability of perturbed worker location information by dividing the task area at a secondary level. This paper uses the internationally recognized World Check-In Gowalla dataset for experimental evaluation, which shows that the proposed method has good performance in terms of data availability and efficiency, providing adequate privacy guarantees.

computer science, information systems,telecommunications

Qing Yang,Fujun Ji,Fei Liu

DOI: https://doi.org/10.1155/2024/5374764

IF: 2.249

2024-03-08

Journal of Advanced Transportation

Abstract:Mobile smart devices, such as mobile phones, wearable devices, and in-vehicle navigation systems, bring us convenience and have become necessities in modern daily life. The built-in global positioning system (GPS) of these mobile devices collects the users’ mobility data to support path planning, navigation and other location-related applications, which also inevitably causes privacy issues. Previous research has shown that employing count-min sketch (CMS) to aggregate mobility datasets is a valid privacy-preserving method for resisting the reconstruction attack on population distributions. However, as the utility/accessibility of the protected datasets is excessively correlated with the size of CMS, decreasing the data transmission cost has become an unsolved issue of that approach. In this paper, we propose an efficient scheme with differential privacy to protect mobility datasets, which releases the privacy-preserving population distributions and achieves better utility as well as a much smaller data transmission cost compared to the CMS-based method. Our proposed scheme is comprised of two collaborative components, global sketch and temporal sketch. The global sketch is responsible for aggregating the raw mobility data and decreasing the data transmission cost, while the temporal sketch is in charge of guaranteeing the utility of the population distributions aggregated by the global sketch. Besides, to enhance the privacy preservation, we employ the Laplace mechanism to make the transmitted data satisfy ε -differential privacy. Through our analysis and empirical experiments, compared to the other three state-of-the-art privacy-preserving methods on mobility datasets, our scheme could preserve the privacy of the mobility datasets with much less data transmission cost under the same utility loss.

transportation science & technology,engineering, civil

Zhibo Wang,Xiaoyi Pang,Jiahui Hu,Wenxin Liu,Qian Wang,Yanjun Li,Honglong Chen

DOI: https://doi.org/10.1109/mcom.001.1800674

IF: 9.03

2019-01-01

IEEE Communications Magazine

Abstract:Mobile crowdsensing (MCS) has now become an effective paradigm to collect massive data for various sensing applications. However, the interactions between mobile users and the platform, and the data release to third parties, pose severe challenges of privacy leakage for MCS systems, such as the leakage of users' identities and locations. Although several works on MCS have explored the privacy issues in task allocation, incentive, and data reporting, there is still a lack of a comprehensive privacy preserving framework for MCS to protect the privacy of users throughout users' involvement in crowdsensing tasks. In this article, we divide the life cycle of each crowdsensing task in MCS into four phases: task allocation, incentive, data collection, and data publishing, and design a privacy-preserving framework for MCS to protect users' privacy in the whole life cycle of MCS.

Xingfu Yan,Wing W. Y. Ng,Biao Zeng,Changlu Lin,Yuxian Liu,Lu,Ying Gao

DOI: https://doi.org/10.1109/jiot.2021.3068490

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Fog-assisted mobile crowdsensing (FA-MCS) alleviates challenges with respect to computation, communication, and storage from the traditional model of mobile crowdsensing (MCS) "requester-server-users." Data aggregation, as a specific MCS task, has attracted a lot of attentions in mining the potential value of the massive crowdsensing data. However, the process of data aggregation in FA-MCS may threaten the privacies of both users' data and aggregation results. The untrusted server and fog nodes (FNs) may damage the correctness of aggregation results. Moreover, bad FNs, which do not upload data to server or fail to verify successfully, can endanger the reliability of FA-MCS and the accuracy of aggregation results. To tackle these problems, we propose a verifiable, reliable, and privacy-preserving data aggregation scheme for FA-MCS. Specifically, the proposed scheme preserves privacies of both users' data and aggregation results, enables requester to verify the correctness of aggregation result, and is able to tolerate several bad FNs without affecting the data aggregation result. Through formal security analysis, the proposed scheme is shown to be secure and privacy preserving. Extensive experiments also show the proposed scheme is efficient and reliable.

Yuan Tao,Taochun Wang,Yong Qiang,Leilei Shen,Fulong Chen,Chuanxin Zhao

DOI: https://doi.org/10.1016/j.comnet.2024.110421

IF: 5.493

2024-04-24

Computer Networks

Abstract:Location information is often required for task allocation in mobile crowdsensing. However, directly uploading location information can raise concerns about privacy leakage among users. To address this issue and protect users privacy when uploading location data to the server, this paper proposes a novel method based on differential privacy for preserving location information. The main idea is to utilize Hilbert mapping to transform the two-dimensional location coordinate of the user into a one-dimensional Hilbert index. Then, Laplace noise is added to the index to introduce a perturbed index, ensuring the protection of location privacy. To enhance the usability of the perturbed index, this paper treats the Laplace noise as a random variable and employs mathematical integration to measure the distance between users and tasks. Leveraging the characteristic of the Hilbert index, wherein a small change in the indexes can result in a large distance between corresponding coordinates, the combination of differential privacy and Hilbert mapping offers enhanced effectiveness compared to conventional differential privacy location preservation schemes. Finally, the proposed scheme is evaluated using the real dataset, and the experiments validate its efficacy.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Pei Huang,Xiaonan Zhang,Linke Guo,Ming Li

DOI: https://doi.org/10.1109/tmc.2019.2946800

IF: 6.075

2021-02-01

IEEE Transactions on Mobile Computing

Abstract:Mobile crowd sensing is a technique where a crowd sensing server outsources sensing tasks to the crowd for mobile data collection. In mobile crowd sensing, some tasks require location information to achieve their objectives, such as road monitoring, indoor floor plan reconstruction, and smart transportation. This required information incurs severe concerns on location privacy leakage and threatens workers' properties as well as public safety. In some cases, even sensing data itself can be used as auxiliary information resulting in location privacy breaches. Many existing works apply differential privacy mechanisms for location privacy preservation to tackle this problem, but they cannot efficiently fulfill privacy goals because each worker only considers his own privacy. As a consequence, the accumulated privacy budget will lower down the composed privacy level of all the workers' locations. In addition, deploying differential privacy is costly for workers and it will degrade the quality of data required in crowd sensing tasks. How to balance the cost and provide accurate aggregated data while fulfilling privacy objectives becomes a challenging issue. In this paper, we propose a group-differentially-private game-theoretical solution, which addresses these limitations in a privacy-preserving and efficient way. Our scheme enables the indistinguishability of workers' locations and sensing data without the help of a trusted entity while meeting the accuracy demands of crowd sensing tasks. The effectiveness and efficiency of our scheme are thoroughly evaluated based on real-world datasets.

computer science, information systems,telecommunications

Bowen Zhao,Ximeng Liu,Wei-neng Chen

DOI: https://doi.org/10.48550/arXiv.2102.10109

2021-02-20

Cryptography and Security

Abstract:Mobile crowdsensing (MCS) is an emerging sensing data collection pattern with scalability, low deployment cost, and distributed characteristics. Traditional MCS systems suffer from privacy concerns and fair reward distribution. Moreover, existing privacy-preserving MCS solutions usually focus on the privacy protection of data collection rather than that of data processing. To tackle faced problems of MCS, in this paper, we integrate federated learning (FL) into MCS and propose a privacy-preserving MCS system, called \textsc{CrowdFL}. Specifically, in order to protect privacy, participants locally process sensing data via federated learning and only upload encrypted training models. Particularly, a privacy-preserving federated averaging algorithm is proposed to average encrypted training models. To reduce computation and communication overhead of restraining dropped participants, discard and retransmission strategies are designed. Besides, a privacy-preserving posted pricing incentive mechanism is designed, which tries to break the dilemma of privacy protection and data evaluation. Theoretical analysis and experimental evaluation on a practical MCS application demonstrate the proposed \textsc{CrowdFL} can effectively protect participants privacy and is feasible and efficient.

Guang Yang,Shibo He,Junshan Zhang,Zhiguo Shi

DOI: https://doi.org/10.1109/tvt.2019.2950907

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsensing has been recognized as a promising data collection paradigm, in which a platform outsources sensing tasks to a large number of users. However, requesting users to report raw data may give rise to many practical concerns, such as a significant overhead of communication and central processing, besides users' privacy concerns. In many scenarios (e.g, advertising and recommendation), the data collector directly benefits from statistical aggregation of raw data. Thus motivated, we consider the data collection problem based on user's local histograms, which is intimately related to the fundamental trade-off between the platform's accuracy and users' privacy. Because of users' social relationship, their data are often correlated, indicating that users' privacy may be leaked from others' data. To tackle this challenge, we first utilize Gaussian Markov random fields to model the correlation structure embedded in users' data. The data collection is modeled as a Stackelberg game where the platform decides its reward policy and users decide their noise levels while taking into account the social coupling among users. For the reward policy design, we first establish the relationship between users' Nash equilibrium and the payment mechanism, and then optimize the platform's accuracy under a budget constraint. Further, since the noise levels are users' private information, they may use falsified noise levels to achieve higher payoffs, which in turn impairs the crowdsensing performance. It turns out that with the insight into the correlation structure among users' data, the information asymmetry can be overcome based on peer prediction. We revisit the payment mechanism to guarantee dominant truthfulness of each user's strategy. Theoretical analysis and numerical results demonstrate the effectiveness of the proposed mechanism.

Ting Li,Zhijin Qiu,Lijuan Cao,Hanshang Li,Zhongwen Guo,Fan Li,Xinghua Shi,Yu Wang

DOI: https://doi.org/10.1109/pccc.2018.8710827

2018-01-01

Abstract:In mobile crowdsensing (MCS), to select the optimal set of participants for a particular sensing task, the cloud-based MCS platform requires mobile users to submit their bids and their sensing quality data. This can cause privacy breaches. One possible solution is to leverage secure sharing or bidding schemes to protect participants' personal information during selection. However, these schemes suffer from high overheads, poor scalability and more importantly, the group formation has never been studied. To address this issue and to enhance the protection of user privacy, we propose a set of novel privacy-preserving grouping methods, which place participants into small groups over hierarchical edge clouds. By doing this, not only can the participants be hidden in groups, but also the overall privacy-preserving participant selection becomes more scalable. The design goal to minimize the communication cost during secure sharing/bidding within groups, while satisfying each participant's requirement for privacy preservation. For different scenarios and optimization functions, we propose a set of grouping schemes to fulfill this goal. Extensive simulations over both synthetic and real-life datasets illustrate the efficiency of proposed mechanisms.

Liang Li,Xinyue Zhang,Ronghui Hou,Hao Yue,Hui Li,Miao Pan

DOI: https://doi.org/10.1109/globecom38437.2019.9013831

2019-01-01

Abstract:Mobile crowdsensing is recognized to be a promising paradigm wherein location-based sensing tasks are out-sourced to participants carrying mobile devices. A prominent issue of crowdsensing is to guarantee the sensing coverage by appropriately recruiting participating devices, which requires the disclosure of participants locations and leads to potential location privacy threats. In this paper, we aim to develop a privacy-preserving participant recruiting scheme for mobile crowdsensing, which guarantees the crowdsensing coverage while preserving participants' location differential privacy against a semi-honest crowdsensing aggregator. Briefly, based on the differential private geo-indistinguishability method, we enable candidate participants to locally perturb their location data. With the obfuscated location information, we formulate the crowdsensing coverage optimization as an Integer Program (IP), and develop a 1 - (1 - 1/f)(f)-approximation algorithm, which yields a near-optimal participant recruiting solution. Through extensive simulations, we demonstrate the tradeoff between privacy preservation and crowdsensing utility, and show that satisfactory crowdsensing coverage can be achieved while preserving the participants' differential location privacy.

Wenlong Shen,Bo Yin,Yu Cheng,Xianghui Cao,Qing Li

DOI: https://doi.org/10.1109/icc.2017.7997369

2017-01-01

Abstract:Mobile crowd sensing presents a new sensing paradigm which allows an individual participant with mobile device perform sensing tasks and activities of professional organizations. Privacy is one major concern in the mobile crowd sensing application. In this paper, we first present a fog-assisted mobile crowd sensing architecture, then we propose two privacy-preserving crowd sensing schemes for two categories of crowd sensing applications. The first scheme is based on an additive homomorphic encryption algorithm and allows the service subscriber collect the statistical data without revealing the individual data from each participant. The second scheme is based on a bitwise-XOR homomorphic encryption algorithm and allows the service subscriber collect the accurate data without know which data is from which participant. The proposed schemes can achieve κ-anonymity privacy level for each participant. We also give the performance analysis of the proposed schemes.

Yaliang Li,Houping Xiao,Zhan Qin,Chenglin Miao,Lu Su,Jing Gao,Kui Ren,Bolin Ding

DOI: https://doi.org/10.1109/icdcs47774.2020.00037

2020-01-01

Abstract:Nowadays, crowd sensing becomes increasingly more popular due to the ubiquitous usage of mobile devices. However, the quality of such human-generated sensory data varies significantly among different users. To better utilize sensory data, the problem of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has emerged as a hot topic. Although the existing truth discovery approaches can provide reliable aggregated results, they fail to protect the private information of individual users. Moreover, crowd sensing systems typically involve a large number of participants, making encryption or secure multi-party computation based solutions difficult to deploy. To address these challenges, in this paper, we propose an efficient privacy-preserving truth discovery mechanism with theoretical guarantees of both utility and privacy. The key idea of the proposed mechanism is to perturb data from each user independently and then conduct weighted aggregation among users’ perturbed data. The proposed approach is able to assign user weights based on information quality, and thus the aggregated results will not deviate much from the true results even when large noise is added. We adapt local differential privacy definition to this privacy-preserving task and demonstrate the proposed mechanism can satisfy local differential privacy while preserving high aggregation accuracy. We formally quantify utility and privacy trade-off and further verify the claim by experiments on both synthetic data and a real-world crowd sensing system.