Opportunistic Sensing: Security Challenges for the New Paradigm

We study the security challenges that arise in Opportunistic people-centric sensing, a new sensing paradigm leveraging humans as part of the sensing infrastructure. Most prior sensor-network research has focused on collecting and processing environmental data using a static topology and an application-aware infrastructure, whereas opportunistic sensing involves collecting, storing, processing and fusing large volumes of data related to everyday human activities. This highly dynamic and mobile setting, where humans are the central focus, presents new challenges for information security, because data originates from sensors carried by people— not tiny sensors thrown in the forest or attached to animals. In this paper we aim to instigate discussion of this critical issue, because opportunistic people-centric sensing will never succeed without adequate provisions for security and privacy. To that end, we outline several important challenges and suggest general solutions that hold promise in this new sensing paradigm

Supporting Non-membership Proofs with Bilinear-map Accumulators

In this short note, we present an extension of Nguyen\u27s bilinear-map based accumulator scheme to support \emph{non-membership witnesses} and corresponding \emph{non-membership proofs}, i.e., cryptographic proofs that an element has not been accumulated to a given set. This complements the non-membership proofs developed by Li \emph{et al.} for the RSA accumulator, making the functionality of the bilinear-map accumulator equivalent to that of the RSA accumulator. Our non-membership extension of Nguyen\u27s scheme makes use of the $q$-Strong Diffie-Hellman assumption the security of the original scheme is based on

Location Privacy for Mobile Crowd Sensing through Population Mapping

Opportunistic sensing allows applications to “task” mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street or users\u27 mobile phones to locate (Bluetooth-enabled) objects in their vicinity. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk: even if identifying information has been removed from a report, the accompanying time and location can reveal sufficient information to de-anonymize the user whose device sent the report. We propose and evaluate a novel spatiotemporal blurring mechanism based on tessellation and clustering to protect users\u27 privacy against the system while reporting context. Our technique employs a notion of probabilistic k-anonymity; it allows users to perform local blurring of reports efficiently without an online anonymization server before the data are sent to the system. The proposed scheme can control the degree of certainty in location privacy and the quality of reports through a system parameter. We outline the architecture and security properties of our approach and evaluate our tessellation and clustering algorithm against real mobility traces

AnonySense: A System for Anonymous Opportunistic Sensing

We describe AnonySense, a privacy-aware system for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing \emphtasks\/ to be distributed across participating mobile devices, later receiving verified, yet anonymized, sensor data \emphreports\/ back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our security goals, threat model, and the architecture and protocols of AnonySense. We also describe how AnonySense can support extended security features that can be useful for different applications. We evaluate the security and feasibility of AnonySense through security analysis and prototype implementation. We show the feasibility of our approach through two plausible applications: a Wi-Fi rogue access point detector and a lost-object finder

Verifiable Set Operations over Outsourced Databases

We study the problem of verifiable delegation of computation over outsourced data, whereby a powerful worker maintains a large data structure for a weak client in a verifiable way. Compared to the well-studied problem of verifiable computation, this setting imposes additional difficulties since the verifier needs to verify consistency of updates succinctly and without maintaining large state. In particular,existing general solutions are far from practical in this setting. We present a scheme for verifiable evaluation of hierarchical set operations (unions, intersections and set-differences) applied to a collection of dynamically changing sets of elements from a given domain. That is, we consider two types of queries issued by the client: updates (insertions and deletions) and data queries, which consist of ``circuits\u27\u27 of unions, intersections, and set-differences on the current collection of sets. This type of queries comes up in database queries, keyword search and numerous other applications, and indeed our scheme can be effectively used in such scenarios. The verification cost incurred is proportional only to the size of the final outcome set and to the size of the query, and is independent of the cardinalities of the involved sets. The cost of updates is optimal ($O(1)$ modular operations per update). Our construction extends that of [Papamanthou et al., Crypto 2011] and relies on a modified version of the \emph{extractable collision-resistant hash function} (ECRH) construction, introduced in [Bitansky et al., ITCS 2012] that can be used to succinctly hash univariate polynomials

AnonyTL Specification

We provide a specification of AnonyTL, a domain-specific language that describes sensing tasks for mobile devices in a manner that facilitates automated reasoning about privacy

Privacy-Enhancing First-Price Auctions Using Rational Cryptography

We consider enhancing a sealed-bid single-item auction with \emph{privacy} concerns, our assumption being that bidders primarily care about monetary payoff and secondarily worry about exposing information about their type to other players and learning information about other players\u27 types. To treat privacy explicitly within the game theoretic context, we put forward a novel \emph{hybrid utility} model that considers both fiscal and privacy components in the players\u27 payoffs. We show how to use rational cryptography to approximately implement a given \emph{ex interim} individually strictly rational equilibrium of such an auction (or any game with a winner) without a trusted mediator through a cryptographic protocol that uses only point-to-point authenticated channels between the players. By ``ex interim individually strictly rational\u27\u27 we mean that, given its type and before making its move, each player has a strictly positive expected utility, i.e., it becomes the winner of the auction with positive probability. By ``approximately implement\u27\u27 we mean that, under cryptographic assumptions, running the protocol is a computational Nash equilibrium with a payoff profile negligibly close to the original equilibrium. In addition the protocol has the stronger property that no collusion, of any size, can obtain more by deviating in the implementation than by deviating in the ideal mediated setting which the mechanism was designed in. Also, despite the non-symmetric payoffs profile, the protocol always correctly terminates

Secure Computation in Online Social Networks

Apart from their numerous other benefits, online social networks (OSNs) allow users to jointly compute on each other’s data (e.g., profiles, geo-locations, medical records, etc.). Privacy issues naturally arise in this setting due to the sensitive nature of the exchanged information. Ideally, nothing about a user’s data should be revealed to the OSN provider or non-friend users, and even her friends should only learn the output of a joint computation. In this work we propose the first security framework to capture these strong privacy guarantees for general-purpose computation. We also achieve two additional attractive properties: users do not need to be online while their friends compute on their data, and any user value uploaded at the server can be repeatedly used in multiple computations. We formalize our framework in the setting of secure multi-party computation (MPC) and provide two instantiations: the first is a non-trivial adaptation of garbled circuits that converts inputs under different keys to ones under the same key, and the second is based on two-party mixed protocols and involves a novel two-party re-encryption module. We experimentally validate the efficiency of our instantiations using state-of-the-art tools for two concrete use-cases