Abstract
Mobile participatory sensing (MPS) could benefit many application domains. A major domain is smart transportation, with applications such as vehicular traffic monitoring, vehicle routing, or driving behavior analysis. However, the success of MPS depends on finding a solution for querying large numbers of smartphones or vehicular systems that protects user location privacy and works in real time. This paper presents PAMPAS, a privacy-aware mobile distributed system for efficient data aggregation in MPS. In PAMPAS, mobile devices enhanced with secure hardware, called secure probes (SPs), perform distributed query processing while preventing users from accessing other users’ data. A supporting server infrastructure (SSI) coordinates the inter-SP communication and the computation tasks executed on the SPs. PAMPAS ensures that the SSI cannot link the locations reported by SPs to user identities, even if the SSI has additional background information. Moreover, an enhanced version of the protocol, named PAMPAS+, makes the system robust even against advanced hardware attacks on the SPs. Hence, the risk of user location privacy leakage remains very low even for an attacker controlling the SSI and a few corrupted SPs. Our experimental results demonstrate that these protocols work efficiently on resource-constrained SPs, which are able to collect the data, aggregate them, and share statistics or derive models in real time.
Notes
This paper is an extended version of [44]. The new material covers three significant contributions. First, we design a new, more robust aggregation protocol that is resilient to advanced hardware attacks. Second, we provide an alternative, more effective partitioning algorithm that offers a different tradeoff in terms of efficiency and partitioning quality than the base partitioning algorithm. Third, we provide a thorough analysis of the privacy protection and also an extensive evaluation of the new proposed protocols.
We use the terminology of ARM [3], which designates as lab attacks the most advanced, comprehensive and invasive hardware attacks: those for which the attackers have access to laboratory equipment and the knowledge to reverse engineer a device and to monitor analog signals in order to perform attacks such as cryptographic key analysis.
The weight is the number of probes in a spatial unit.
We note that in this paper we employed an optimized implementation of the base partitioning algorithm compared to the version used in [44]. While the general algorithm remains the same (see Algorithm 4), we reduced the number of Flash I/Os through a better usage of the 30 KB of RAM available for data processing at the SP side.
References
Allard T, Nguyen B, Pucheral P (2014) METAP: Revisiting privacy-preserving data publishing using secure devices. Distributed and Parallel Databases 32(2):191–244
Andrés ME, Bordenabe NE, Chatzikokolakis K, Palamidessi C (2013) Geo-indistinguishability: Differential privacy for location-based systems. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security. CCS ’13. ACM, New York, pp 901–914 , https://doi.org/10.1145/2508859.2516735
ARM (2009) ARM security technology - building a secure system using trustzone technology. ARM Technical White Paper
Baumann A, Peinado M, Hunt G (2014) Shielding applications from an untrusted cloud with haven. In: OSDI, pp 267–283
Brinkhoff T (2002) A framework for generating network-based moving objects. GeoInformatica 6(2):153–180
Brown JWS, Ohrimenko O, Tamassia R (2013) Haze: Privacy-preserving real-time traffic statistics. In: ACM SIGSPATIAL, pp 540–543
Cao Y, Yoshikawa M, Xiao Y, Xiong L (2017) Quantifying differential privacy under temporal correlations. In: 2017 IEEE 33rd international conference on data engineering (ICDE), IEEE, pp 821–832
Chatzikokolakis K, Palamidessi C, Stronati M (2015) Location privacy via geo-indistinguishability. ACM SIGLOG News 2(3):46–69. https://doi.org/10.1145/2815493.2815499
Chow CY, Mokbel MF, Aref WG (2009) Casper*: Query processing for location services without compromising privacy. ACM Trans Database Syst 34(4):24:1–24:48. https://doi.org/10.1145/1620585.1620591
Cornelius C, Kapadia A, Kotz D, Peebles D, Shin M, Triandopoulos N (2008) AnonySense: Privacy-aware people-centric sensing. In: MobiSys
Damiani ML (2014) Location privacy models in mobile applications: conceptual view and research directions. GeoInformatica 18(4):819–842
Damiani ML, Bertino E, Silvestri C (2010) The probe framework for the personalized cloaking of private locations. Trans Data Privacy 3(2):123–148. http://dl.acm.org/citation.cfm?id=1824401.1824404
D’Hondt E, Stevens M, Jacobs A (2013) Participatory noise mapping works! An evaluation of participatory sensing as an alternative to standard techniques for environmental monitoring. Pervasive and Mobile Computing 9(5):681–694
Douceur JR (2002) The Sybil attack. In: Revised papers from the 1st international workshop on peer-to-peer systems, IPTPS ’01. Springer-Verlag, London, pp 251–260. http://dl.acm.org/citation.cfm?id=646334.687813
Drosatos G, Efraimidis PS, Athanasiadis IN, Stevens M (2012) A privacy-preserving cloud computing system for creating participatory noise maps. In: COMPSAC, pp 581–586
Faezipour M, Nourani M, Saeed A, Addepalli S (2012) Progress and challenges in intelligent vehicle area networks. Commun ACM 55(2):90–100
Ganti RK, Pham N, Tsai YE, Abdelzaher TF (2008) PoolView: Stream privacy for grassroots participatory sensing. In: SenSys
Gao H, Liu CH, Wang W, Zhao J, Song Z, Su X, Crowcroft J, Leung KK (2015) A survey of incentive mechanisms for participatory sensing. IEEE Comm Surveys and Tutorials 17(2):918–943
Ghinita G, Damiani ML, Silvestri C, Bertino E (2016) Protecting against velocity-based, proximity-based, and external event attacks in location-centric social networks. ACM Trans Spatial Algorithms Syst 2(2):8:1–8:36. https://doi.org/10.1145/2910580
Goel P, Kulik L, Ramamohanarao K (2016) Privacy-aware dynamic ride sharing. ACM Trans Spatial Algorithms Syst 2(1):4:1–4:41. https://doi.org/10.1145/2845080
González J, Hölzl M, Riedl P, Bonnet P, Mayrhofer R (2014) A practical hardware-assisted approach to customize trusted boot for mobile devices. In: Chow SSM, Camenisch J, Hui LCK, Yiu SM (eds) Information Security. Springer International Publishing, pp 542–554
Hoh B, Iwuchukwu T, Jacobson Q, Work D, Bayen AM, Herring R, Herrera JC, Gruteser M, Annavaram M, Ban J (2012) Enhancing privacy and accuracy in probe vehicle-based traffic monitoring via virtual trip lines. IEEE Trans Mob Comput 11(5):849–864
Huang KL, Kanhere SS, Hu W (2010) Preserving privacy in participatory sensing systems. Comput Commun 33(11):1266–1280. https://doi.org/10.1016/j.comcom.2009.08.012
Jain N, Mishra S, Srinivasan A, Gehrke J, Widom J, Balakrishnan H, Çetintemel U, Cherniack M, Tibbetts R, Zdonik SB (2008) Towards a streaming SQL standard. PVLDB 1(2):1379–1390
Lallali S, Anciaux N, Popa IS, Pucheral P (2017) Supporting secure keyword search in the personal cloud. Inf Syst 72:1–26. https://doi.org/10.1016/j.is.2017.09.003. http://www.sciencedirect.com/science/article/pii/S0306437916303891
Li M, Zhu L, Zhang Z, Xu R (2017) Achieving differential privacy of trajectory data publishing in participatory sensing. Inf Sci 400(C):1–13. https://doi.org/10.1016/j.ins.2017.03.015
Li Q, Cao G (2012) Efficient and privacy-preserving data aggregation in mobile sensing. In: IEEE ICNP
Liu R, Cao J, VanSyckel S, Gao W (2016) Prime: Human-centric privacy measurement based on user preferences towards data sharing in mobile participatory sensing systems. In: 2016 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp 1–8. https://doi.org/10.1109/PERCOM.2016.7456518
Maruseac M, Ghinita G, Trajcevski G, Scheuermann P (2017) Privacy-preserving detection of anomalous phenomena in crowdsourced environmental sensing using fine-grained weighted voting. Geoinformatica 21(4):733–762. https://doi.org/10.1007/s10707-017-0304-3
de Montjoye YA, Hidalgo CA, Verleysen M, Blondel VD (2013) Unique in the crowd: The privacy bounds of human mobility. Scientific Reports 3
Nittel S, Whittier JC, Liang Q (2012) Real-time spatial interpolation of continuous phenomena using mobile sensor data streams. In: ACM SIGSPATIAL, pp 530–533
Pan J, Sandu-Popa I, Borcea C (2017) Divert: A distributed vehicular traffic re-routing system for congestion avoidance. IEEE Trans Mob Comput 16(1):58–72. https://doi.org/10.1109/TMC.2016.2538226
Penza M (2014) Cost action TD1105: New sensing technologies for environmental sustainability in smart cities. In: IEEE SENSORS
Piro C, Shields C, Levine BN (2006) Detecting the Sybil attack in mobile ad hoc networks. In: 2006 Securecomm and Workshops, pp 1–11
Popa RA, Blumberg AJ, Balakrishnan H, Li FH (2011) Privacy and accountability for location-based aggregate statistics. In: CCS, pp 653–666
Priebe C, Vaswani K, Costa M (2018) EnclaveDB: A secure database using SGX. IEEE. https://www.microsoft.com/en-us/research/publication/enclavedb-a-secure-database-using-sgx/
Quercia D, Leontiadis I, Mcnamara L, Mascolo C, Crowcroft J (2011) Spotme if you can: Randomized responses for location obfuscation on mobile phones. In: ICDCS, pp 363–372
Sabt M, Achemlal M, Bouabdallah A (2015) Trusted execution environment: What it is, and what it is not. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol 1, pp 57–64. https://doi.org/10.1109/Trustcom.2015.357
Shi J, Zhang R, Liu Y, Zhang Y (2010) PriSense: Privacy-preserving data aggregation in people-centric urban sensing systems. In: IEEE INFOCOM
Thiagarajan A, Ravindranath L, LaCurts K, Madden S, Balakrishnan H, Toledo S, Eriksson J (2009) VTrack: Accurate, energy-aware road traffic delay estimation using mobile phones. In: ACM SenSys, pp 85–98
To QC, Nguyen B, Pucheral P (2014) Privacy-preserving query execution using a decentralized architecture and tamper resistant hardware. In: EDBT, pp 487–498
To QC, Nguyen B, Pucheral P (2016) Private and scalable execution of SQL aggregates on a secure decentralized architecture. ACM Trans Database Syst 41(3):16:1–16:43. https://doi.org/10.1145/2894750
Ton-That DH, Sandu-Popa I, Zeitouni K (2015) PPTM: Privacy-aware participatory traffic monitoring using mobile secure probes. In: IEEE MDM, demo paper
Ton-That DH, Sandu-Popa I, Zeitouni K, Borcea C (2016) PAMPAS: Privacy-aware mobile participatory sensing using secure probes. In: Proceedings of the 28th international conference on scientific and statistical database management, ACM, SSDBM ’16, pp 4:1–4:12. https://doi.org/10.1145/2949689.2949704
Wang G, Wang B, Wang T, Nika A, Zheng H, Zhao BY (2016) Defending against sybil devices in crowdsourced mapping services. In: Proceedings of the 14th annual international conference on mobile systems, applications, and services, MobiSys ’16. ACM, New York, pp 179–191. https://doi.org/10.1145/2906388.2906420
Wang L, Yang D, Han X, Wang T, Zhang D, Ma X (2017) Location privacy-preserving task allocation for mobile crowdsensing with differential geo-obfuscation. In: Proceedings of the 26th international conference on World Wide Web, international world wide web conferences steering committee, Republic and Canton of Geneva, Switzerland, WWW ’17, pp 627–636. https://doi.org/10.1145/3038912.3052696
Yuan J, Zheng Y, Xie W, Xie X, Sun G, Huang Y (2010) T-drive: driving directions based on taxi trajectories. In: SIGSPATIAL, pp 99–108
Cite this article
Popa, I.S., That, D.H.T., Zeitouni, K. et al. Mobile participatory sensing with strong privacy guarantees using secure probes. Geoinformatica 25, 533–580 (2021). https://doi.org/10.1007/s10707-019-00389-4