Privacy Aware Incentive Mechanism to Collect Mobile Data While Preventing Duplication
Junggab Son*, Donghyun Kim*, Rasheed Hussain**, Sung-Sik Kwon*, Alade O. Tokuta*, and Jungtaek Seo***
*Department of Mathematics and Physics, North Carolina Central University, Durham, NC, USA
**Department of Computer Science, Innopolis University, Kazan, Russia
***Department of Computer Science and Engineering, Hanyang University, South Korea
Agenda
• Introduction
• System Model
• Problem Definition
• Adversary Models and Assumption
• Preliminaries
• Proposed Scheme
• Analysis of Security and Privacy
• Conclusion
Introduction
• Mobile sensing environment
– A service provider can offer better service by using sensing data from users
– Interestingly, much of the existing research treats the user as a volunteer
– This assumption may not hold, for many reasons
• Rare but valuable sensing data, battery life, system performance, etc.
• Incentive scheme to collect high-quality sensing data from users
– The service provider gives an (undeniable and unforgeable) credit to a user who has completed a given sensing task
– Privacy must be considered
Introduction – cont’
• Using a pseudonym-based privacy-preserving scheme
– Preserves privacy
– On the other hand, a sensing report duplication attack becomes possible because of the anonymity
• Generates a lot of noise and raises the cost of operating the application
• We propose a privacy-preserving incentive scheme with effective checking
– A functional pseudonym can reveal the attacker’s private key in case of misbehavior
System Model
[System model figure: Credit Authority, Service Provider, Participants, and Data Consumer, connected by the edges “Registration & Credit”, “Task / Report”, “Payment”, “Request / Result”, and “Pay credit”]
Problem Definition
• From a given set of sensing reports for a sensing request , where is a pseudonym, find two or more identical sensing reports that actually come from the same user.
• Or, equivalently: how to prevent the sensing data duplication attack.
[Figure: the same sensing data submitted twice to the Service Provider (duplication) earns an incentive for each copy]
Adversary Models and Assumption
• Adversary models
– Attacks on incentives
• A user may try to earn more credit than expected for a sensing task
• A service provider may try to pay less credit than assigned to the sensing task, or none at all
– Attacks on privacy
• User privacy can be invaded by the service provider or by other malicious parties
• Assumption
– The communication between users and the service provider is anonymized
• IP and MAC address recycling techniques or mix networks
Preliminaries
• Definition 1 (DDHP)
– The decisional Diffie-Hellman (DDH) problem states that, given and for uniformly and independently chosen , the value looks like a random element in .
– This intuitive notion is formally stated by saying that the following two probability distributions are computationally indistinguishable (in the security parameter, ):
• (), where and are randomly and independently chosen from .
• (), where are randomly and independently chosen from .
Preliminaries – cont’
• Definition 2 (Bilinear map)
– A bilinear map is a map with the following properties.
• Computable: there exists an efficiently computable algorithm for computing
• Bilinear: for all and ,
• Non-degenerate: , where is a generator of .
Preliminaries – cont’
• Definition 3 (DBDH)
– The decisional bilinear Diffie-Hellman problem in groups () is, given a tuple with unknown , to decide whether .
– A polynomial-time algorithm has advantage in solving the DBDH problem in groups if
– where the probability is taken over the random choices of , the random choice of , and the random bits consumed by
Preliminaries – cont’
• Definition 4 (Lagrange Interpolating Polynomial)
– The Lagrange interpolating polynomial is the polynomial of degree that passes through the points and is given by
– where is the Lagrange coefficient and a set of elements in
• Definition 5 (() Secret Sharing)
– Split a secret into pieces
– Any of the pieces can recover the secret
Proposed Scheme
• Setup
– On a security parameter , the setup process first determines
– Choose , and
– The global parameters are ,
– The user generates a public/private key pair
– The user picks ,
Proposed Scheme – cont’
• Pseudonym Generation
– Picks randomly
– Splits into numbers using the secret sharing scheme,
– Computes
– Computes pseudonyms
– Makes the pseudonym verification value
Proposed Scheme – cont’
• Registration to the CA (Credit Authority)
– Sends the account ID , and to the CA
– After verification, the CA makes a verification factor for the pseudonyms
– The user can use with as valid pseudonyms
• Sensing Request
– A service provider assigns a unique task number and computes
– Users can compute and verify the task request
Proposed Scheme – cont’
• Sensing report
– Picks a pseudonym from , , and generates sensing reports
– The service provider verifies and decrypts the sensing data
Proposed Scheme – cont’
• After accepting the report, the SP issues a credit with credit ID
• The user decrypts from
• The user stores and computes
• Sends to the CA
Proposed Scheme – cont’
• Revealing the user’s private key
– From two sensing reports , compute :
– is the multiplicative inverse of
– It is easily computed using the extended Euclidean algorithm
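Definitions 4 and 5 (Lagrange interpolation, (t, n) secret sharing) and the key-revealing step above rest on the same arithmetic: the constant term of a degree t-1 polynomial is recovered from t points over a prime field, and the Lagrange coefficients need modular inverses, which the extended Euclidean algorithm supplies. The Python below is an added illustration, not the paper’s code. Because the scheme’s symbols did not survive extraction, the mapping it assumes is generic: a (2, n) Shamir sharing of a placeholder secret (standing in for whatever the scheme splits; the slide states that two reports suffice to reveal the private key), with each share recovered from a separate report. The modulus `P`, the function names and all sample values are constructed for the example.

```python
"""Threshold secret sharing over a prime field, with Lagrange reconstruction.

Added illustration of Definitions 4 and 5 and of the key-revealing step:
the constant term of a degree t-1 polynomial is recovered from t points,
and the Lagrange coefficients need modular inverses, which the extended
Euclidean algorithm provides. Not the paper's code; P and all sample
values below are constructed for this example.
"""
import secrets

# Constructed field modulus; a deployment would use the prime order of the
# group the scheme actually runs in.
P = 2**61 - 1


def ext_gcd(a: int, b: int):
    """Extended Euclid: returns (g, u, v) with u*a + v*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, u, v = ext_gcd(b, a % b)
    return g, v, u - (a // b) * v


def mod_inv(a: int, p: int = P) -> int:
    """Multiplicative inverse of a modulo p via the extended Euclidean algorithm."""
    g, u, _ = ext_gcd(a % p, p)
    if g != 1:
        raise ValueError("no inverse: gcd(a, p) != 1")
    return u % p


def split_secret(secret: int, t: int, n: int, coeffs=None, p: int = P):
    """(t, n) Shamir sharing: f(x) = secret + c1*x + ... + c_{t-1}*x^{t-1}
    over GF(p); share i is the point (i, f(i)). `coeffs` lets a caller fix
    the otherwise random coefficients (used only for reproducible checks)."""
    if coeffs is None:
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    poly = [secret % p] + [c % p for c in coeffs]

    def f(x):
        return sum(c * pow(x, k, p) for k, c in enumerate(poly)) % p

    return [(i, f(i)) for i in range(1, n + 1)]


def lagrange_at_zero(shares, p: int = P) -> int:
    """Lagrange interpolation evaluated at x = 0. With t points from a
    (t, n) sharing this returns the secret; with fewer points it returns
    an unrelated field element, which is what keeps single shares useless."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * mod_inv(den, p)) % p
    return total


def recover_from_two(share_a, share_b, p: int = P) -> int:
    """The two-share special case, written out as on the slide: a single
    multiplicative inverse, of (x2 - x1), computed by extended Euclid."""
    x1, y1 = share_a
    x2, y2 = share_b
    return (y1 * x2 - y2 * x1) * mod_inv(x2 - x1, p) % p


if __name__ == "__main__":
    # Assumed mapping (illustrative, not taken from the slides): the value
    # split is the user's private key, and each report sent under a different
    # pseudonym leaks one share. Two duplicate reports -> two shares -> key.
    private_key = secrets.randbelow(P)
    shares = split_secret(private_key, 2, 5)   # (2, n) sharing with n = 5
    leaked = [shares[1], shares[4]]            # the two reports the SP saw
    assert recover_from_two(*leaked) == private_key
    print("recovered the private key from two duplicate reports")
```

The `coeffs` parameter exists only so that a check can pin the polynomial down; in use the coefficients must be fresh, uniformly random field elements, otherwise a single share already constrains the secret.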
Privacy Analysis
• Proof of randomness for preserving privacy
– From a set of pseudonyms , any two given pseudonyms are indistinguishable, so privacy is preserved
– ,
– Can be written simply as ,
– is a generator of the cyclic group , thus ,
– Therefore, the pseudonyms are indistinguishable under the DDH assumption
Security Analysis
• Security of incentives
– A dishonest user sends multiple sensing reports to the SP
• The user’s private key will be revealed by our scheme
– A dishonest user eavesdrops on another user’s credit and sends it to the CA
• It cannot pass the CA’s verification process
– A dishonest user sends the same credit to the CA repeatedly
• It is easily detected through the task number and the actual ID of the credit
Conclusion
• Privacy-aware incentive scheme in mobile sensing
– It is hard to detect duplicated sensing data in pseudonymous communication
• The service provider can revoke the private key of an attacker
– If the attacker performs a sensing data duplication attack
– Without the help of a revocation authority or a trusted entity
– This gives the attacker a strong punishment
Thank you.
• Questions?