Privacy Management and Optimal Pricing in People-Centric Sensing

With the emerging sensing technologies such as mobile crowdsensing and Internet of Things (IoT), people-centric data can be efficiently collected and used for analytics and optimization purposes. This data is typically required to develop and render people-centric services. In this paper, we address the privacy implication, optimal pricing, and bundling of people-centric services. We first define the inverse correlation between the service quality and privacy level from data analytics perspectives. We then present the profit maximization models of selling standalone, complementary, and substitute services. Specifically, the closed-form solutions of the optimal privacy level and subscription fee are derived to maximize the gross profit of service providers. For interrelated people-centric services, we show that cooperation by service bundling of complementary services is profitable compared to the separate sales but detrimental for substitutes. We also show that the market value of a service bundle is correlated with the degree of contingency between the interrelated services. Finally, we incorporate the profit sharing models from game theory for dividing the bundling profit among the cooperative service providers.Comment: 16 page

Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

abstract: The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people's concerns about the security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service providers. Third, we develop a novel verifiable privacy-preserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority.Dissertation/ThesisPh.D. Electrical Engineering 201

Machine Learning Differential Privacy With Multifunctional Aggregation in a Fog Computing Architecture

© 2018 IEEE. Data aggregation plays an important role in the Internet of Things, and its study and analysis has resulted in a range of innovative services and benefits for people. However, the privacy issues associated with raw sensory data raise significant concerns due to the sensitive nature of the user information it often contains. Thus, numerous schemes have been proposed over the last few decades to preserve the privacy of users' data. Most methods are based on encryption technology, which is computationally and communicationally expensive. In addition, most methods can only handle a single aggregation function. Therefore, in this paper, we propose a multifunctional data aggregation method with differential privacy. The method is based on machine learning and can support a wide range of statistical aggregation functions, including additive and non-additive aggregation. It operates within a fog computing architecture, which extends cloud computing to the edge of the network, alleviating much of the computational burden on the cloud server. And, by only reporting the results of the aggregation to the server, communication efficiency is improved. Extensive experimental results show that the proposed method not only answers flexible aggregation queries that meet diversified aggregation goals, but also produces aggregation results with high accuracy

Mobile Network and Cloud Based Privacy-Preserving Data Aggregation and Processing

The emerging technology of mobile devices and cloud computing has brought a new and efficient way for data to be collected, processed and stored by mobile users. With improved specifications of mobile devices and various mobile applications provided by cloud servers, mobile users can enjoy tremendous advantages to manage their daily life through those applications instantaneously, conveniently and productively. However, using such applications may lead to the exposure of user data to unauthorised access when the data is outsourced for processing and storing purposes. Furthermore, such a setting raises the privacy breach and security issue to mobile users. As a result, mobile users would be reluctant to accept those applications without any guarantee on the safety of their data. The recent breakthrough of Fully Homomorphic Encryption (FHE) has brought a new solution for data processing in a secure motion. Several variants and improvements on the existing methods have been developed due to efficiency problems. Experience of such problems has led us to explore two areas of studies, Mobile Sensing Systems (MSS) and Mobile Cloud Computing (MCC). In MSS, the functionality of smartphones has been extended to sense and aggregate surrounding data for processing by an Aggregation Server (AS) that may be operated by a Cloud Service Provider (CSP). On the other hand, MCC allows resource-constraint devices like smartphones to fully leverage services provided by powerful and massive servers of CSPs for data processing. To support the above two application scenarios, this thesis proposes two novel schemes: an Accountable Privacy-preserving Data Aggregation (APDA) scheme and a Lightweight Homomorphic Encryption (LHE) scheme. MSS is a kind of WSNs, which implements a data aggregation approach for saving the battery lifetime of mobile devices. Furthermore, such an approach could improve the security of the outsourced data by mixing the data prior to be transmitted to an AS, so as to prevent the collusion between mobile users and the AS (or its CSP). The exposure of users’ data to other mobile users leads to a privacy breach and existing methods on preserving users’ privacy only provide an integrity check on the aggregated data without being able to identify any misbehaved nodes once the integrity check has failed. Thus, to overcome such problems, our first scheme APDA is proposed to efficiently preserve privacy and support accountability of mobile users during the data aggregation. Furthermore, APDA is designed with three versions to provide balanced solutions in terms of misbehaved node detection and data aggregation efficiency for different application scenarios. In addition, the successfully aggregated data also needs to be accompanied by some summary information based on necessary additive and non-additive functions. To preserve the privacy of mobile users, such summary could be executed by implementing existing privacy-preserving data aggregation techniques. Nevertheless, those techniques have limitations in terms of applicability, efficiency and functionality. Thus, our APDA has been extended to allow maximal value finding to be computed on the ciphertext data so as to preserve user privacy with good efficiency. Furthermore, such a solution could also be developed for other comparative operations like Average, Percentile and Histogram. Three versions of Maximal value finding (Max) are introduced and analysed in order to differentiate their efficiency and capability to determine the maximum value in a privacy-preserving manner. Moreover, the formal security proof and extensive performance evaluation of our proposed schemes demonstrate that APDA and its extended version can achieve stronger security with an optimised efficiency advantage over the state-of-the-art in terms of both computational and communication overheads. In the MCC environment, the new LHE scheme is proposed with a significant difference so as to allow arbitrary functions to be executed on ciphertext data. Such a scheme will enable rich-mobile applications provided by CSPs to be leveraged by resource-constraint devices in a privacy-preserving manner. The scheme works well as long as noise (a random number attached to the plaintext for security reasons) is less than the encryption key, which makes it flexible. The flexibility of the key size enables the scheme to incorporate with any computation functions in order to produce an accurate result. In addition, this scheme encrypts integers rather than individual bits so as to improve the scheme’s efficiency. With a proposed process that allows three or more parties to communicate securely, this scheme is suited to the MCC environment due to its lightweight property and strong security. Furthermore, the efficacy and efficiency of this scheme are thoroughly evaluated and compared with other schemes. The result shows that this scheme can achieve stronger security under a reasonable cost

Security and Privacy Preservation in Mobile Crowdsensing

Mobile crowdsensing (MCS) is a compelling paradigm that enables a crowd of individuals to cooperatively collect and share data to measure phenomena or record events of common interest using their mobile devices. Pairing with inherent mobility and intelligence, mobile users can collect, produce and upload large amounts of data to service providers based on crowdsensing tasks released by customers, ranging from general information, such as temperature, air quality and traffic condition, to more specialized data, such as recommended places, health condition and voting intentions. Compared with traditional sensor networks, MCS can support large-scale sensing applications, improve sensing data trustworthiness and reduce the cost on deploying expensive hardware or software to acquire high-quality data. Despite the appealing benefits, however, MCS is also confronted with a variety of security and privacy threats, which would impede its rapid development. Due to their own incentives and vulnerabilities of service providers, data security and user privacy are being put at risk. The corruption of sensing reports may directly affect crowdsensing results, and thereby mislead customers to make irrational decisions. Moreover, the content of crowdsensing tasks may expose the intention of customers, and the sensing reports might inadvertently reveal sensitive information about mobile users. Data encryption and anonymization techniques can provide straightforward solutions for data security and user privacy, but there are several issues, which are of significantly importance to make MCS practical. First of all, to enhance data trustworthiness, service providers need to recruit mobile users based on their personal information, such as preferences, mobility pattern and reputation, resulting in the privacy exposure to service providers. Secondly, it is inevitable to have replicate data in crowdsensing reports, which may possess large communication bandwidth, but traditional data encryption makes replicate data detection and deletion challenging. Thirdly, crowdsensed data analysis is essential to generate crowdsensing reports in MCS, but the correctness of crowdsensing results in the absence of malicious mobile users and service providers become a huge concern for customers. Finally yet importantly, even if user privacy is preserved during task allocation and data collection, it may still be exposed during reward distribution. It further discourage mobile users from task participation. In this thesis, we explore the approaches to resolve these challenges in MCS. Based on the architecture of MCS, we conduct our research with the focus on security and privacy protection without sacrificing data quality and users' enthusiasm. Specifically, the main contributions are, i) to enable privacy preservation and task allocation, we propose SPOON, a strong privacy-preserving mobile crowdsensing scheme supporting accurate task allocation. In SPOON, the service provider recruits mobile users based on their locations, and selects proper sensing reports according to their trust levels without invading user privacy. By utilizing the blind signature, sensing tasks are protected and reports are anonymized. In addition, a privacy-preserving credit management mechanism is introduced to achieve decentralized trust management and secure credit proof for mobile users; ii) to improve communication efficiency while guaranteeing data confidentiality, we propose a fog-assisted secure data deduplication scheme, in which a BLS-oblivious pseudo-random function is developed to enable fog nodes to detect and delete replicate data in sensing reports without exposing the content of reports. Considering the privacy leakages of mobile users who report the same data, the blind signature is utilized to hide users' identities, and chameleon hash function is leveraged to achieve contribution claim and reward retrieval for anonymous greedy mobile users; iii) to achieve data statistics with privacy preservation, we propose a privacy-preserving data statistics scheme to achieve end-to-end security and integrity protection, while enabling the aggregation of the collected data from multiple sources. The correctness verification is supported to prevent the corruption of the aggregate results during data transmission based on the homomorphic authenticator and the proxy re-signature. A privacy-preserving verifiable linear statistics mechanism is developed to realize the linear aggregation of multiple crowdsensed data from a same device and the verification on the correctness of aggregate results; and iv) to encourage mobile users to participating in sensing tasks, we propose a dual-anonymous reward distribution scheme to offer the incentive for mobile users and privacy protection for both customers and mobile users in MCS. Based on the dividable cash, a new reward sharing incentive mechanism is developed to encourage mobile users to participating in sensing tasks, and the randomization technique is leveraged to protect the identities of customers and mobile users during reward claim, distribution and deposit

From MANET to people-centric networking: Milestones and open research challenges

In this paper, we discuss the state of the art of (mobile) multi-hop ad hoc networking with the aim to present the current status of the research activities and identify the consolidated research areas, with limited research opportunities, and the hot and emerging research areas for which further research is required. We start by briefly discussing the MANET paradigm, and why the research on MANET protocols is now a cold research topic. Then we analyze the active research areas. Specifically, after discussing the wireless-network technologies, we analyze four successful ad hoc networking paradigms, mesh networks, opportunistic networks, vehicular networks, and sensor networks that emerged from the MANET world. We also present an emerging research direction in the multi-hop ad hoc networking field: people centric networking, triggered by the increasing penetration of the smartphones in everyday life, which is generating a people-centric revolution in computing and communications