Security and Privacy Preservation in Mobile Crowdsensing

Mobile crowdsensing (MCS) is a compelling paradigm that enables a crowd of individuals to cooperatively collect and share data to measure phenomena or record events of common interest using their mobile devices. Pairing with inherent mobility and intelligence, mobile users can collect, produce and upload large amounts of data to service providers based on crowdsensing tasks released by customers, ranging from general information, such as temperature, air quality and traffic condition, to more specialized data, such as recommended places, health condition and voting intentions. Compared with traditional sensor networks, MCS can support large-scale sensing applications, improve sensing data trustworthiness and reduce the cost on deploying expensive hardware or software to acquire high-quality data. Despite the appealing benefits, however, MCS is also confronted with a variety of security and privacy threats, which would impede its rapid development. Due to their own incentives and vulnerabilities of service providers, data security and user privacy are being put at risk. The corruption of sensing reports may directly affect crowdsensing results, and thereby mislead customers to make irrational decisions. Moreover, the content of crowdsensing tasks may expose the intention of customers, and the sensing reports might inadvertently reveal sensitive information about mobile users. Data encryption and anonymization techniques can provide straightforward solutions for data security and user privacy, but there are several issues, which are of significantly importance to make MCS practical. First of all, to enhance data trustworthiness, service providers need to recruit mobile users based on their personal information, such as preferences, mobility pattern and reputation, resulting in the privacy exposure to service providers. Secondly, it is inevitable to have replicate data in crowdsensing reports, which may possess large communication bandwidth, but traditional data encryption makes replicate data detection and deletion challenging. Thirdly, crowdsensed data analysis is essential to generate crowdsensing reports in MCS, but the correctness of crowdsensing results in the absence of malicious mobile users and service providers become a huge concern for customers. Finally yet importantly, even if user privacy is preserved during task allocation and data collection, it may still be exposed during reward distribution. It further discourage mobile users from task participation. In this thesis, we explore the approaches to resolve these challenges in MCS. Based on the architecture of MCS, we conduct our research with the focus on security and privacy protection without sacrificing data quality and users' enthusiasm. Specifically, the main contributions are, i) to enable privacy preservation and task allocation, we propose SPOON, a strong privacy-preserving mobile crowdsensing scheme supporting accurate task allocation. In SPOON, the service provider recruits mobile users based on their locations, and selects proper sensing reports according to their trust levels without invading user privacy. By utilizing the blind signature, sensing tasks are protected and reports are anonymized. In addition, a privacy-preserving credit management mechanism is introduced to achieve decentralized trust management and secure credit proof for mobile users; ii) to improve communication efficiency while guaranteeing data confidentiality, we propose a fog-assisted secure data deduplication scheme, in which a BLS-oblivious pseudo-random function is developed to enable fog nodes to detect and delete replicate data in sensing reports without exposing the content of reports. Considering the privacy leakages of mobile users who report the same data, the blind signature is utilized to hide users' identities, and chameleon hash function is leveraged to achieve contribution claim and reward retrieval for anonymous greedy mobile users; iii) to achieve data statistics with privacy preservation, we propose a privacy-preserving data statistics scheme to achieve end-to-end security and integrity protection, while enabling the aggregation of the collected data from multiple sources. The correctness verification is supported to prevent the corruption of the aggregate results during data transmission based on the homomorphic authenticator and the proxy re-signature. A privacy-preserving verifiable linear statistics mechanism is developed to realize the linear aggregation of multiple crowdsensed data from a same device and the verification on the correctness of aggregate results; and iv) to encourage mobile users to participating in sensing tasks, we propose a dual-anonymous reward distribution scheme to offer the incentive for mobile users and privacy protection for both customers and mobile users in MCS. Based on the dividable cash, a new reward sharing incentive mechanism is developed to encourage mobile users to participating in sensing tasks, and the randomization technique is leveraged to protect the identities of customers and mobile users during reward claim, distribution and deposit

Secure Data Sharing in Cloud Computing: A Comprehensive Review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Secure data sharing in cloud computing: a comprehensive review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Shuffled linear regression through graduated convex relaxation

The shuffled linear regression problem aims to recover linear relationships in datasets where the correspondence between input and output is unknown. This problem arises in a wide range of applications including survey data, in which one needs to decide whether the anonymity of the responses can be preserved while uncovering significant statistical connections. In this work, we propose a novel optimization algorithm for shuffled linear regression based on a posterior-maximizing objective function assuming Gaussian noise prior. We compare and contrast our approach with existing methods on synthetic and real data. We show that our approach performs competitively while achieving empirical running-time improvements. Furthermore, we demonstrate that our algorithm is able to utilize the side information in the form of seeds, which recently came to prominence in related problems

Context-Aware Generative Adversarial Privacy

Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals' private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP's performance, we investigate two simple (yet canonical) statistical dataset models: (a) the binary data model, and (b) the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion) match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.Comment: Improved version of a paper accepted by Entropy Journal, Special Issue on Information Theory in Machine Learning and Data Scienc

Enabling Cyber-Physical Communication in 5G Cellular Networks: Challenges, Solutions and Applications

Cyber-physical systems (CPS) are expected to revolutionize the world through a myriad of applications in health-care, disaster event applications, environmental management, vehicular networks, industrial automation, and so on. The continuous explosive increase in wireless data traffic, driven by the global rise of smartphones, tablets, video streaming, and online social networking applications along with the anticipated wide massive sensors deployments, will create a set of challenges to network providers, especially that future fifth generation (5G) cellular networks will help facilitate the enabling of CPS communications over current network infrastructure. In this dissertation, we first provide an overview of CPS taxonomy along with its challenges from energy efficiency, security, and reliability. Then we present different tractable analytical solutions through different 5G technologies, such as device-to-device (D2D) communications, cell shrinking and offloading, in order to enable CPS traffic over cellular networks. These technologies also provide CPS with several benefits such as ubiquitous coverage, global connectivity, reliability and security. By tuning specific network parameters, the proposed solutions allow the achievement of balance and fairness in spectral efficiency and minimum achievable throughout among cellular users and CPS devices. To conclude, we present a CPS mobile-health application as a case study where security of the medical health cyber-physical space is discussed in details

Understanding and Enriching Randomness Within Resource-Constrained Devices

Random Number Generators (RNG) find use throughout all applications of computing, from high level statistical modeling all the way down to essential security primitives. A significant amount of prior work has investigated this space, as a poorly performing generator can have significant impacts on algorithms that rely on it. However, recent explosive growth of the Internet of Things (IoT) has brought forth a class of devices for which common RNG algorithms may not provide an optimal solution. Furthermore, new hardware creates opportunities that have not yet been explored with these devices. in this Dissertation, we present research fostering deeper understanding of and enrichment of the state of randomness within the context of resource-constrained devices. First, we present an exploratory study into methods of generating random numbers on devices with sensors. We perform a data collection study across 37 android devices to determine how much random data is consumed, and which sensors are capable of producing sufficiently entropic data. We use the results of our analysis to create an experimental framework called SensoRNG, which serves as a prototype to test the efficacy of a sensor-based RNG. SensoRNG employs opportunistic collection of data from on-board sensors and applies a light-weight mixing algorithm to produce random numbers. We evaluate SensoRNG with the National Institute of Standards and Technology (NIST) statistical testing suite and demonstrate that a sensor-based RNG can provide high quality random numbers with only little additional overhead. Second, we explore the design, implementation, and efficacy of a Collaborative and Distributed Entropy Transfer protocol (CADET), which explores moving random number generation from an individual task to a collaborative one. Through the sharing of excess random data, devices that are unable to meet their own needs can be aided by contributions from other devices. We implement and test a proof-of-concept version of CADET on a testbed of 49 Raspberry Pi 3B single-board computers, which have been underclocked to emulate resource-constrained devices. Through this, we evaluate and demonstrate the efficacy and baseline performance of remote entropy protocols of this type, as well as highlight remaining research questions and challenges. Finally, we design and implement a system called RightNoise, which automatically profiles the RNG activity of a device by using techniques adapted from language modeling. First, by performing offline analysis, RightNoise is able to mine and reconstruct, in the context of a resource-constrained device, the structure of different activities from raw RNG access logs. After recovering these patterns, the device is able to profile its own behavior in real time. We give a thorough evaluation of the algorithms used in RightNoise and show that, with only five instances of each activity type per log, RightNoise is able to reconstruct the full set of activities with over 90\% accuracy. Furthermore, classification is very quick, with an average speed of 0.1 seconds per block. We finish this work by discussing real world application scenarios for RightNoise

Edge Intelligence : Empowering Intelligence to the Edge of Network

Edge intelligence refers to a set of connected systems and devices for data collection, caching, processing, and analysis proximity to where data are captured based on artificial intelligence. Edge intelligence aims at enhancing data processing and protects the privacy and security of the data and users. Although recently emerged, spanning the period from 2011 to now, this field of research has shown explosive growth over the past five years. In this article, we present a thorough and comprehensive survey of the literature surrounding edge intelligence. We first identify four fundamental components of edge intelligence, i.e., edge caching, edge training, edge inference, and edge offloading based on theoretical and practical results pertaining to proposed and deployed systems. We then aim for a systematic classification of the state of the solutions by examining research results and observations for each of the four components and present a taxonomy that includes practical problems, adopted techniques, and application goals. For each category, we elaborate, compare, and analyze the literature from the perspectives of adopted techniques, objectives, performance, advantages and drawbacks, and so on. This article provides a comprehensive survey of edge intelligence and its application areas. In addition, we summarize the development of the emerging research fields and the current state of the art and discuss the important open issues and possible theoretical and technical directions.Peer reviewe

Edge Intelligence : Empowering Intelligence to the Edge of Network

Edge intelligence refers to a set of connected systems and devices for data collection, caching, processing, and analysis proximity to where data are captured based on artificial intelligence. Edge intelligence aims at enhancing data processing and protects the privacy and security of the data and users. Although recently emerged, spanning the period from 2011 to now, this field of research has shown explosive growth over the past five years. In this article, we present a thorough and comprehensive survey of the literature surrounding edge intelligence. We first identify four fundamental components of edge intelligence, i.e., edge caching, edge training, edge inference, and edge offloading based on theoretical and practical results pertaining to proposed and deployed systems. We then aim for a systematic classification of the state of the solutions by examining research results and observations for each of the four components and present a taxonomy that includes practical problems, adopted techniques, and application goals. For each category, we elaborate, compare, and analyze the literature from the perspectives of adopted techniques, objectives, performance, advantages and drawbacks, and so on. This article provides a comprehensive survey of edge intelligence and its application areas. In addition, we summarize the development of the emerging research fields and the current state of the art and discuss the important open issues and possible theoretical and technical directions.Peer reviewe

Near Data Processing for Efficient and Trusted Systems

We live in a world which constantly produces data at a rate which only increases with time. Conventional processor architectures fail to process this abundant data in an efficient manner as they expend significant energy in instruction processing and moving data over deep memory hierarchies. Furthermore, to process large amounts of data in a cost effective manner, there is increased demand for remote computation. While cloud service providers have come up with innovative solutions to cater to this increased demand, the security concerns users feel for their data remains a strong impediment to their wide scale adoption. An exciting technique in our repertoire to deal with these challenges is near-data processing. Near-data processing (NDP) is a data-centric paradigm which moves computation to where data resides. This dissertation exploits NDP to both process the data deluge we face efficiently and design low-overhead secure hardware designs. To this end, we first propose Compute Caches, a novel NDP technique. Simple augmentations to underlying SRAM design enable caches to perform commonly used operations. In-place computation in caches not only avoids excessive data movement over memory hierarchy, but also significantly reduces instruction processing energy as independent sub-units inside caches perform computation in parallel. Compute Caches significantly improve the performance and reduce energy expended for a suite of data intensive applications. Second, this dissertation identifies security advantages of NDP. While memory bus side channel has received much attention, a low-overhead hardware design which defends against it remains elusive. We observe that smart memory, memory with compute capability, can dramatically simplify this problem. To exploit this observation, we propose InvisiMem which uses the logic layer in the smart memory to implement cryptographic primitives, which aid in addressing memory bus side channel efficiently. Our solutions obviate the need for expensive constructs like Oblivious RAM (ORAM) and Merkle trees, and have one to two orders of magnitude lower overheads for performance, space, energy, and memory bandwidth, compared to prior solutions. This dissertation also addresses a related vulnerability of page fault side channel in which the Operating System (OS) induces page faults to learn application's address trace and deduces application secrets from it. To tackle it, we propose Sanctuary which obfuscates page fault channel while allowing the OS to manage memory as a resource. To do so, we design a novel construct, Oblivious Page Management (OPAM) which is derived from ORAM but is customized for page management context. We employ near-memory page moves to reduce OPAM overhead and also propose a novel memory partition to reduce OPAM transactions required. For a suite of cloud applications which process sensitive data we show that page fault channel can be tackled at reasonable overheads.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/144139/1/shaizeen_1.pd