23 research outputs found
Quality of Information in Mobile Crowdsensing: Survey and Research Challenges
Smartphones have become the most pervasive devices in people's lives, and are
clearly transforming the way we live and perceive technology. Today's
smartphones benefit from almost ubiquitous Internet connectivity and come
equipped with a plethora of inexpensive yet powerful embedded sensors, such as
accelerometer, gyroscope, microphone, and camera. This unique combination has
enabled revolutionary applications based on the mobile crowdsensing paradigm,
such as real-time road traffic monitoring, air and noise pollution, crime
control, and wildlife monitoring, just to name a few. Differently from prior
sensing paradigms, humans are now the primary actors of the sensing process,
since they become fundamental in retrieving reliable and up-to-date information
about the event being monitored. As humans may behave unreliably or
maliciously, assessing and guaranteeing Quality of Information (QoI) becomes
more important than ever. In this paper, we provide a new framework for
defining and enforcing the QoI in mobile crowdsensing, and analyze in depth the
current state-of-the-art on the topic. We also outline novel research
challenges, along with possible directions of future work. Comment: To appear in ACM Transactions on Sensor Networks (TOSN)
Integration of Blockchain and Auction Models: A Survey, Some Applications, and Challenges
In recent years, blockchain has gained widespread attention as an emerging
technology for decentralization, transparency, and immutability in advancing
online activities over public networks. As an essential market process,
auctions have been well studied and applied in many business fields due to
their efficiency and contributions to fair trade. Complementary features
between blockchain and auction models trigger a great potential for research
and innovation. On the one hand, the decentralized nature of blockchain can
provide a trustworthy, secure, and cost-effective mechanism to manage the
auction process; on the other hand, auction models can be utilized to design
incentive and consensus protocols in blockchain architectures. These
opportunities have attracted enormous research and innovation activities in
both academia and industry; however, there is a lack of an in-depth review of
existing solutions and achievements. In this paper, we conduct a comprehensive
state-of-the-art survey of these two research topics. We review the existing
solutions for integrating blockchain and auction models, with some
application-oriented taxonomies generated. Additionally, we highlight some open
research challenges and future directions towards integrated blockchain-auction
models.
Trajectory Privacy Preservation and Lightweight Blockchain Techniques for Mobility-Centric IoT
Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either imposes high delay or fails against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in the decentralized model of IoT, they require large storage capacity on resource-constrained devices and can only provide conditional privacy when a set of authorities governs the blockchain. This dissertation addresses these challenges to develop efficient trajectory privacy-preservation and lightweight blockchain techniques for mobility-centric IoT.
We develop a pruning-based technique by quantifying the relationship between trajectory privacy and delay for real-time geo-tagged queries. This technique yields higher trajectory privacy with a reduced delay than contemporary techniques while preventing a long-term observation attack. We extend our study with the consideration of the presence of non-geo-tagged data in a trajectory. We design an attack model to show the spatiotemporal correlation between the geo-tagged and non-geo-tagged data which undermines the privacy guarantee of existing techniques. In response, we propose a methodology that considers the spatial distribution of the data in trajectory privacy-preservation and improves existing solutions, in privacy and usability.
With respect to blockchain, we design and implement one of the first blockchain storage management techniques utilizing the mobility of the devices. This technique reduces the required storage space of a blockchain and makes it lightweight for resource-constrained mobile devices. To address the trajectory privacy challenges in an authority-based blockchain under the short-range communication constraints of the devices, we introduce one of the first silence-based techniques to establish a balance between trajectory privacy and blockchain utility.
The trajectory privacy-preservation techniques we established are lightweight and do not require an intermediary to guarantee trajectory privacy, thereby providing a practical and efficient solution for different mobility-centric IoT, such as mobile crowdsensing and Internet of Vehicles.
Security and Privacy Preservation in Mobile Crowdsensing
Mobile crowdsensing (MCS) is a compelling paradigm that enables a crowd of individuals to cooperatively collect and share data to measure phenomena or record events of common interest using their mobile devices. Pairing with inherent mobility and intelligence, mobile users can collect, produce and upload large amounts of data to service providers based on crowdsensing tasks released by customers, ranging from general information, such as temperature, air quality and traffic condition, to more specialized data, such as recommended places, health condition and voting intentions. Compared with traditional sensor networks, MCS can support large-scale sensing applications, improve sensing data trustworthiness and reduce the cost on deploying expensive hardware or software to acquire high-quality data.
Despite the appealing benefits, however, MCS is also confronted with a variety of security and privacy threats, which would impede its rapid development. Due to their own incentives and vulnerabilities of service providers, data security and user privacy are being put at risk. The corruption of sensing reports may directly affect crowdsensing results, and thereby mislead customers to make irrational decisions. Moreover, the content of crowdsensing tasks may expose the intention of customers, and the sensing reports might inadvertently reveal sensitive information about mobile users. Data encryption and anonymization techniques can provide straightforward solutions for data security and user privacy, but there are several issues, which are of significant importance to make MCS practical. First of all, to enhance data trustworthiness, service providers need to recruit mobile users based on their personal information, such as preferences, mobility pattern and reputation, resulting in the privacy exposure to service providers. Secondly, it is inevitable to have replicate data in crowdsensing reports, which may possess large communication bandwidth, but traditional data encryption makes replicate data detection and deletion challenging. Thirdly, crowdsensed data analysis is essential to generate crowdsensing reports in MCS, but the correctness of crowdsensing results in the absence of malicious mobile users and service providers becomes a huge concern for customers. Finally yet importantly, even if user privacy is preserved during task allocation and data collection, it may still be exposed during reward distribution. This further discourages mobile users from task participation.
In this thesis, we explore the approaches to resolve these challenges in MCS. Based on the architecture of MCS, we conduct our research with the focus on security and privacy protection without sacrificing data quality and users' enthusiasm. Specifically, the main contributions are, i) to enable privacy preservation and task allocation, we propose SPOON, a strong privacy-preserving mobile crowdsensing scheme supporting accurate task allocation. In SPOON, the service provider recruits mobile users based on their locations, and selects proper sensing reports according to their trust levels without invading user privacy. By utilizing the blind signature, sensing tasks are protected and reports are anonymized. In addition, a privacy-preserving credit management mechanism is introduced to achieve decentralized trust management and secure credit proof for mobile users; ii) to improve communication efficiency while guaranteeing data confidentiality, we propose a fog-assisted secure data deduplication scheme, in which a BLS-oblivious pseudo-random function is developed to enable fog nodes to detect and delete replicate data in sensing reports without exposing the content of reports. Considering the privacy leakages of mobile users who report the same data, the blind signature is utilized to hide users' identities, and chameleon hash function is leveraged to achieve contribution claim and reward retrieval for anonymous greedy mobile users; iii) to achieve data statistics with privacy preservation, we propose a privacy-preserving data statistics scheme to achieve end-to-end security and integrity protection, while enabling the aggregation of the collected data from multiple sources. The correctness verification is supported to prevent the corruption of the aggregate results during data transmission based on the homomorphic authenticator and the proxy re-signature. 
A privacy-preserving verifiable linear statistics mechanism is developed to realize the linear aggregation of multiple crowdsensed data from the same device and the verification on the correctness of aggregate results; and iv) to encourage mobile users to participate in sensing tasks, we propose a dual-anonymous reward distribution scheme to offer the incentive for mobile users and privacy protection for both customers and mobile users in MCS. Based on the dividable cash, a new reward sharing incentive mechanism is developed to encourage mobile users to participate in sensing tasks, and the randomization technique is leveraged to protect the identities of customers and mobile users during reward claim, distribution and deposit.
The Cost of Sybils, Credible Commitments, and False-Name Proof Mechanisms
Consider a mechanism that cannot observe how many players there are directly,
but instead must rely on their self-reports to know how many are participating.
Suppose the players can create new identities to report to the auctioneer at
some cost . The usual mechanism design paradigm is equivalent to implicitly
assuming that is infinity for all players, while the usual Sybil attacks
literature is that it is zero or finite for one player (the attacker) and
infinity for everyone else (the 'honest' players). The false-name proof
literature largely assumes the cost to be 0. We consider a model with variable
costs that unifies these disparate streams.
A paradigmatic normal form game can be extended into a Sybil game by having
the action space be the product of the feasible set of identities to create
action where each player chooses how many players to present as in the game and
their actions in the original normal form game. A mechanism is (dominant)
false-name proof if it is (dominant) incentive-compatible for all the players
to self-report as at most one identity. We study mechanisms proposed in the
literature motivated by settings where anonymity and self-identification are
the norms, and show conditions under which they are not Sybil-proof. We
characterize a class of dominant Sybil-proof mechanisms for reward sharing and
show that they achieve the efficiency upper bound. We consider the extension
when agents can credibly commit to the strategy of their sybils and show how
this can break mechanisms that would otherwise be false-name proof.
Blockchain based secure message dissemination in vehicular networks
Vehicular ad-hoc networks (VANETs) are one of the key elements in Intelligent Transportation System (ITS) to enable information exchange among vehicles and Roadside Units (RSUs) via vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. With a continuously increasing number of vehicles on the road, there are numerous security and privacy challenges associated with VANETs. Communication among vehicles needs to be secure and bandwidth efficient. Also, the messages exchanged between vehicles must be authentic so as to maintain a trusted network in a privacy-preserving manner. Furthermore, a sustainable economic model is required to incentivise honest and cooperative vehicles. Traditional security and privacy solutions in centralised networks are not applicable to VANETs due to their distributed nature, heterogeneity, high mobility and low latency requirements. Meanwhile, the new development of blockchain has been attracting significant interest due to its key features including consensus to evaluate message credibility and immutable storage in distributed ledger, which provides an alternative solution to the security and privacy challenges in VANETs.
This thesis aims to present blockchain solutions for the security and privacy of VANETs meeting the stringent requirements of low latency and bandwidth-efficient message dissemination. VANETs are simulated in OMNeT++ to validate the proposed solutions. Specifically, two novel blockchain consensus algorithms have been developed for message authentication and relay selection in the presence of malicious vehicles. The first employs a voting based message validation and relay selection, which reduces the failure rate in message validation by 11% as compared to reputation based consensus. The second utilises federated learning supported by blockchain as a better privacy-preserving solution, which is 65.2% faster than the first voting based solution. Both approaches include blockchain-based incentive mechanisms and game theory analysis to observe strategic behaviour of honest and malicious vehicles. To further study the privacy aspect of vehicular networks, the integration of blockchain with physical layer security is also theoretically analysed in Vehicle-to-Everything (V2X) communications scenarios. The integration results in 8.2 Mbps increased goodput as compared to the blockchain solution alone.
In essence, our research work shows that blockchain can offer better control and security, as compared to centralised solutions, if properly adjusted according to the application and network requirements. Thus, the proposed solutions can provide guidelines for practically feasible application of blockchain in vehicular networks.
Crowdsourcing atop blockchains
Traditional crowdsourcing systems, such as Amazon's Mechanical Turk (MTurk), though once acquiring great economic successes, have to fully rely on third-party platforms to serve between the requesters and the workers for basic utilities. These third-parties have to be fully trusted to assist payments, resolve disputes, protect data privacy, manage user authentications, maintain service online, etc. Nevertheless, tremendous real-world incidents indicate how elusive it is to completely trust these platforms in reality, and the reduction of such over-reliance becomes desirable.
In contrast to the arguably vulnerable centralized approaches, a public blockchain is a distributed and transparent global consensus computer that is highly robust. The blockchain is usually managed and replicated by a large-scale peer-to-peer network collectively, thus being much more robust to be fully trusted for correctness and availability. It, therefore, becomes enticing to build novel crowdsourcing applications atop blockchains to reduce the over-trust on third-party platforms.
However, this new fascinating technology also brings about new challenges, which were never that severe in the conventional centralized setting. The most serious issue is that the blockchain is usually maintained in the public Internet environment with a broader attack surface open to anyone. This not only causes serious privacy and security issues, but also allows the adversaries to exploit the attack surface to hamper more basic utilities. Worse still, most existing blockchains support only light on-chain computations, and the smart contract executed atop the decentralized consensus computer must be simple, which incurs serious feasibility problems. In reality, the privacy/security issue and the feasibility problem even restrain each other and create serious tensions to hinder the broader adoption of blockchain.
The dissertation goes through the non-trivial challenges to realize secure yet still practical decentralization (for urgent crowdsourcing use-cases), and lays down the foundation for this line of research. In sum, it makes the following major contributions.
First, it identifies the needed security requirements in decentralized knowledge crowdsourcing (e.g., data privacy), and initiates the research of private decentralized crowdsourcing. In particular, the confidentiality of solicited data is indispensable to prevent free-riders from pirating the others' submissions, thus ensuring the quality of solicited knowledge. To this end, a generic private decentralized crowdsourcing framework is dedicatedly designed, analyzed, and implemented.
Furthermore, this dissertation leverages concretely efficient cryptographic design to reduce the cost of the above generic framework. It focuses on decentralizing the special use-case of Amazon MTurk, and conducts multiple specific-purpose optimizations to remove needless generality to squeeze performance. The implementation atop Ethereum demonstrates a handling cost even lower than MTurk.
In addition, it focuses on decentralized crowdsourcing of computing power for specific machine learning tasks. It lets a requester place deposits in the blockchain to recruit some workers for designated (randomized) programs. If and only if these workers contribute their resources to compute correctly, they would earn well-deserved payments. For these goals, a simple yet still useful incentive mechanism is developed atop the blockchain to deter rational workers from cheating.
Finally, the research initiates the first systematic study on crowdsourcing blockchains' full nodes to assist superlight clients (e.g., mobile phones and IoT devices) to read the blockchain's records. This dissertation presents a novel generic solution through the powerful lens of game-theoretic treatments, which solves the long-standing open problem of designing generic superlight clients for all blockchains.