Privacy Aware Incentive Mechanism to Collect Mobile Data While Preventing Duplication

Junggab Son*, Donghyun Kim*, Rasheed Hussain**, Sung-Sik Kwon*, Alade O. Tokuta*, and Jungtaek Seo***

*Department of Mathematics and Physics, North Carolina Central University, Durham, NC, USA
**Department of Computer Science, Innopolis University, Kazan, Russia
***Department of Computer Science and Engineering, Hanyang University, South Korea


Post on 18-Jan-2016



Agenda

• Introduction
• System Model
• Problem Definition
• Adversary Models and Assumption
• Preliminaries
• Proposed Scheme
• Analysis of security and privacy
• Conclusion


Introduction

• Mobile sensing environment
  – A service provider can provide better service using sensing data from users
  – Interestingly enough, many existing studies treat a user as a volunteer
  – This may not be true for many reasons
    • Rare valuable sensing data, battery life, system performance, etc.
• Incentive scheme to collect high-quality sensing data from users
  – The service provider gives an (undeniable and unforgeable) credit to a user who has completed a given sensing task
  – Privacy must be considered


Introduction – cont’

• Using a pseudonym-based privacy-preserving scheme
  – Preserves privacy
  – On the other hand, a sensing report duplication attack becomes possible due to anonymity
    • Creates a lot of noise and raises the cost of operating an application
• Propose a privacy-preserving incentive scheme with effective checking
  – A functional pseudonym can reveal the attacker’s private key in case of misbehavior


System Model

[Figure: system model. Entities: Credit Authority, Service Provider, Participants, Data Consumer. Flow labels: Task / Report, Payment, Registration & Credit, Request / Result, Pay credit.]


Problem Definition

• From a given set of sensing report for a sensing request , where is pseudonym, find two or more same sensing reports that are actually from the same user.

• Or equivalently, how to prevent sensing data duplication attack.

[Figure: sensing data duplication. Labels: Service Provider, Sensing Data, Duplication, Incentive.]


Adversary Models and Assumption

• Adversary models
  – Attacks on incentive
    • A user may try to earn more credit than expected for a sensing task
    • A service provider may try to pay less credit than assigned for a sensing task, or 0 credit
  – Attacks on privacy
    • User privacy can be invaded by the service provider or other malicious parties
• Assumption
  – The communication between users and the service provider is anonymized
    • IP and MAC address recycling techniques or Mix networks


Preliminaries

• Definition 1 (DDHP).
  – The decisional Diffie-Hellman (DDH) problem states that, given and for uniformly and independently chosen , the value looks like a random element in .
  – This intuitive notion is formally stated by saying that the following two probability distributions are computationally indistinguishable (in the security parameter, ):
    • (), where and are randomly and independently chosen from .
    • (), where are randomly and independently chosen from .


Preliminaries – cont’

• Definition 2 (Bilinear map).
  – A bilinear map is a map with the following properties.
    • Computable: there exists an efficiently computable algorithm for computing
    • Bilinear: for all and ,
    • Nondegenerate: , where is a generator of .


Preliminaries – cont’

• Definition 3 (DBDH).
  – The decisional bilinear Diffie-Hellman problem in groups () is, given a tuple with unknown , whether .
  – A polynomial-time algorithm has advantage in solving the DBDH problem in groups ,
  – if
  – Where the probability is taken over the random choices of , the random choice of , and random bits consumed by


Preliminaries – cont’

• Definition 4. (Lagrange Interpolating Polynomial).
  – The Lagrange interpolating polynomial is the polynomial of degree that passes through the points and is given by

  – Where is Lagrange coefficient and a set of elements in
• Definition 5. () Secret Sharing
  – Split a secret into pieces of secret
  – Any of pieces can recover the secret


Proposed Scheme

• Setup
  – On a security parameter , the setup process first determines
  – Choose , and
  – The global parameters are ,
  – User generates a public/private key pair
  – The user picks ,


Proposed Scheme – cont’

• Pseudonym Generation
  – Picks randomly
  – Splits into numbers using secret sharing scheme,
  – Computes
  – Computes pseudonyms

  – Makes pseudonym verification value


Proposed Scheme – cont’

• Registration to CA (Credit Authority)
  – Sends account ID , and to the CA
  – After verification, CA makes verification factor for the pseudonyms

  – The user can use with as valid pseudonyms
• Sensing Request
  – A service provider assigns unique task number , and compute

  – Users can compute and verify the task request


Proposed Scheme – cont’

• Sensing report
  – Picks a pseudonym from , , and generate sensing reports

The service provider verifies and decrypts sensing data


Proposed Scheme – cont’

• After accepting report, SP issues credit with credit ID

• The user decrypts from

• The user stores and computes

• Sends to the CA


Proposed Scheme – cont’

• Revealing user’s private key
  – From two sensing data
  – Computes :

  – is multiplicative inverse of
  – It is easily computed using the extended Euclidean algorithm
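The (k, n) secret sharing and Lagrange interpolation of Definitions 4 and 5, together with the extended Euclidean inverse mentioned on this slide, as an added Python example that is not part of the presentation. The field prime P, the threshold k = 2 and the sample secret are assumptions chosen for illustration; the scheme's own formulas are not present in this transcript.

```python
# Added example, not from the slides: (k, n) secret sharing over GF(P),
# recovered by Lagrange interpolation at x = 0. P and all inputs are assumptions.
import secrets

P = 2**127 - 1  # Mersenne prime used as the field modulus (assumed, not the paper's)

def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y == g."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def inv_mod(a, p=P):
    """Multiplicative inverse of a modulo p."""
    g, x, _ = egcd(a % p, p)
    if g != 1:
        raise ValueError("value has no inverse modulo p")
    return x % p

def split(secret, k, n, p=P):
    """Shares are points (x, f(x)), x = 1..n, on a random degree k-1 polynomial with f(0) = secret."""
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation
            y = (y * x + c) % p
        shares.append((x, y))
    return shares

def recover(shares, p=P):
    """Sum of y_j times the Lagrange coefficient of x_j, evaluated at x = 0."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("shares must have distinct x values")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % p
                den = den * (xj - xm) % p
        total = (total + yj * num * inv_mod(den, p)) % p
    return total

if __name__ == "__main__":
    s = split(424242, k=2, n=5)                 # constructed secret
    print(recover([s[0], s[3]]) == 424242)      # any two distinct shares suffice
```

With k = 2, a single share is uniformly distributed regardless of the secret, so one report discloses nothing; a second share from the same polynomial is what makes the secret computable.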


Privacy Analysis

• Proof of Randomness for preserving privacy
  – From a set of pseudonym , any of two given pseudonyms are indistinguishable while preserving privacy
  – ,
  – Can be simply written as ,
  – is generator of cyclic group , thus ,
  – Therefore, pseudonyms are indistinguishable under DDH assumption


Security Analysis

• Security on Incentives
  – Dishonest user sends multiple sensing data to SP
    • The private key of the user will be revealed by our scheme
  – Dishonest user eavesdrops other credit and sends it to CA
    • It cannot pass the verification process of CA
  – Dishonest user sends same credit to the CA repeatedly
    • It will be easily detected due to the task number and actual ID of the credit


Conclusion

• Privacy-aware incentive scheme in mobile sensing
  – It is hard to detect duplicated sensing data from pseudonym communication
• Service Provider can revoke the private key of attacker
  – If an attacker performs sensing data duplication attack
  – Without help of a revocation authority or a trusted entity
  – It gives an attacker strong punishment


Thank you.

• Questions?