Candidate: Jianbing Ni
Title: Security and Privacy Preservation in Mobile Crowdsensing
Date: July 23, 2018
Time: 10:00 am
Place: EIT 3151-3153
Supervisor(s): Shen, Sherman X. - Lin, Xiaodong (Adjunct)
Mobile Crowdsensing (MCS) is a compelling paradigm that enables a crowd of individuals to cooperatively collect and share data from their mobile devices in order to measure and map phenomena of common interest. Combining their inherent mobility with the intelligence of their devices, mobile users can collect, produce and upload various types of data to service providers in response to crowdsensing tasks released by customers, ranging from general information, such as temperature, air quality and traffic conditions, to more specialized data, such as recommended places, health conditions and voting intentions. Compared with traditional sensor networks, MCS supports large-scale sensing applications, improves the trustworthiness of sensing data and reduces the cost of deploying expensive hardware or software to acquire high-quality data.
Despite the appealing benefits brought by MCS, it is also confronted with various security and privacy threats that would impede its rapid development. Service providers have their own incentives, and their servers, as well as the mobile devices, are vulnerable to compromise. As a result, data security and user privacy are put at risk. Corrupted sensing reports directly affect crowdsensing results, and may further mislead customers into making irrational decisions. Moreover, the content of crowdsensing tasks may expose the intentions of customers, and the sensing reports might inadvertently reveal sensitive information about mobile users. Although a variety of cryptographic techniques can protect data security and user privacy, they raise new barriers in the following ways. First, protecting user privacy makes task allocation difficult, which in turn degrades the quality of the data collected by mobile users. Second, data protection may increase the data size and make duplicate detection impossible, and thereby consume large communication bandwidth. Third, if sensing reports are kept confidential, service providers cannot process and analyze them to generate correct results, particularly in the presence of malicious mobile users. Last but not least, even if user privacy is preserved during task allocation and data collection, it may still be exposed during reward distribution, which discourages mobile users from participating in tasks. In short, security and privacy preservation raises dilemmas in task allocation, data collection, data processing and reward feedback for MCS.
In this thesis, we explore approaches to resolving these dilemmas in MCS. Considering the architecture of MCS, we focus on security and privacy protection without sacrificing data quality or users' enthusiasm for participation. Specifically, the main contributions are as follows.
i) To reconcile privacy preservation with task allocation, we propose SPOON, a strong privacy-preserving mobile crowdsensing scheme that supports accurate task allocation based on the geographic information and credit points of mobile users. In SPOON, the service provider recruits mobile users based on their locations and selects proper sensing reports according to their trust levels without invading user privacy. By utilizing the BBS+ signature, sensing tasks are protected and reports are anonymized. In addition, a privacy-preserving credit management mechanism is introduced to achieve decentralized trust management and secure credit proofs for mobile users.
ii) To improve communication efficiency while guaranteeing data confidentiality, we propose a fog-assisted secure data deduplication scheme (Fo-SDD), in which a BLS-based oblivious pseudo-random function is developed to enable fog nodes to detect and delete duplicate data in sensing reports without exposing the content of the reports. Since duplicate detection could otherwise link the mobile users who report the same data (replicate-linking attacks), a blind signature is exploited to hide users' identities, and a Chameleon hash function is leveraged to let anonymous (and possibly greedy) mobile users claim their contributions and retrieve rewards.
iii) To achieve data statistics with privacy preservation, we propose a decentralized and fair aggregate statistics framework for mobile crowdsensing based on blockchain, in which the service provider is enabled to perform statistical operations on the crowdsensed data. We consider that the correctness of statistical results may be corrupted by misbehaving mobile users. To incentivize mobile users to report correct results, the fairness of the auction mechanism is achieved based on a public blockchain and smart contracts.
iv) To encourage mobile users to participate in tasks, we propose DARD, a dual-anonymous reward distribution scheme that provides incentives for mobile users and privacy protection for both customers and mobile users in mobile crowdsensing. It integrates a new reward-sharing incentive mechanism to encourage mobile users to participate in tasks, and employs randomizable techniques to protect the identities of customers and mobile users during reward claim, distribution and deposit.
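The deduplication idea behind contribution ii) can be illustrated with a toy protocol. The following is an added example, not code from the thesis or from Fo-SDD: the thesis builds on a BLS-based oblivious PRF, whereas this stand-in uses the RSA full-domain-hash blind signature (Chaum), because it gives the same two properties with plain integer arithmetic. The key holder (standing in for the service provider or fog node) signs a blinded value and never sees the report, and the unblinded value depends only on the report and the key, so two users submitting the same report obtain the same tag and a fog node can group duplicates without reading them. It also makes the replicate-linking problem visible: whoever sees the tags can tell that users 0 and 1 reported the same data, which is why the thesis additionally hides user identities. The 512-bit modulus, the sample reports, the seed and all function names are illustrative choices for this example.

```python
"""Duplicate detection over blinded sensing reports (illustrative).

Added example; not the thesis's own code. RSA-FDH blind signatures stand in
for the BLS-based oblivious PRF of Fo-SDD. Key size is for demonstration.
"""
import hashlib
import random
from math import gcd

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin with random bases (toy key generation only)."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

def keygen(bits=512, rng=None):
    """RSA keypair as ((n, e), (n, e, d)). 512-bit modulus: demo only."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    return (n, e), (n, e, pow(e, -1, phi))

def fdh(report, n):
    """Full-domain hash into Z_n; a SHA-256 digest is below the 512-bit n."""
    return int.from_bytes(hashlib.sha256(report).digest(), "big") % n

def blind(report, pub, rng):
    """Mobile user: hide H(report) behind a fresh random factor r."""
    n, e = pub
    while True:
        r = rng.randrange(2, n)
        if gcd(r, n) == 1:
            break
    return (fdh(report, n) * pow(r, e, n)) % n, r

def sign_blinded(blinded, priv):
    """Key holder: signs the blinded value without learning the report."""
    n, _e, d = priv
    return pow(blinded, d, n)

def unblind(blinded_sig, r, pub):
    """Mobile user: strip r, leaving H(report)^d, the deterministic tag."""
    n, _e = pub
    return (blinded_sig * pow(r, -1, n)) % n

def verify_tag(report, tag, pub):
    """Anyone with the public key can check that a tag matches a report."""
    n, e = pub
    return pow(tag, e, n) == fdh(report, n)

def dedup(tags):
    """Fog node: group report indices by tag; content is never needed."""
    groups = {}
    for idx, tag in enumerate(tags):
        groups.setdefault(tag, []).append(idx)
    return list(groups.values())

def run_demo(seed=7):
    rng = random.Random(seed)  # seeded only so the run is reproducible
    pub, priv = keygen(512, rng)
    # Constructed sample reports: users 0 and 1 sense the same value.
    reports = [
        b"pm2.5=35;lat=43.47;lon=-80.54",
        b"pm2.5=35;lat=43.47;lon=-80.54",
        b"pm2.5=12;lat=43.45;lon=-80.52",
    ]
    tags = []
    for rep in reports:
        blinded, r = blind(rep, pub, rng)  # each user picks its own r
        tags.append(unblind(sign_blinded(blinded, priv), r, pub))
    return {"pub": pub, "reports": reports, "tags": tags,
            "groups": dedup(tags)}

if __name__ == "__main__":
    print(run_demo()["groups"])  # groups [0, 1] together and [2] alone
```

Because the tag is a signature on the report hash, it is also verifiable: a fog node that later receives the plaintext can confirm the tag, but it cannot derive the tag from a guessed report on its own without the private key, which is the property that separates an oblivious PRF from a plain keyed hash held by the fog node.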
Finally, we summarize the thesis and introduce open research directions in MCS. The research results in this thesis offer a significant step towards secure and privacy-preserving MCS.
200 University Avenue West
Waterloo, ON N2L 3G1