
Mobile participatory sensing with strong privacy guarantees using secure probes

Published in GeoInformatica

Abstract

Mobile participatory sensing (MPS) could benefit many application domains. A major domain is smart transportation, with applications such as vehicular traffic monitoring, vehicle routing, or driving behavior analysis. However, MPS’s success depends on finding a solution for querying large numbers of smartphones or vehicular systems that protects user location privacy and works in real time. This paper presents PAMPAS, a privacy-aware mobile distributed system for efficient data aggregation in MPS. In PAMPAS, mobile devices enhanced with secure hardware, called secure probes (SPs), perform distributed query processing while preventing users from accessing other users’ data. A supporting server infrastructure (SSI) coordinates the inter-SP communication and the computation tasks executed on the SPs. PAMPAS ensures that the SSI cannot link the locations reported by SPs to user identities, even if the SSI has additional background information. Moreover, an enhanced version of the protocol, named PAMPAS+, makes the system robust even against advanced hardware attacks on the SPs. Hence, the risk of user location privacy leakage remains very low even for an attacker controlling the SSI and a few corrupted SPs. Our experimental results demonstrate that these protocols work efficiently on resource-constrained SPs, which are able to collect data, aggregate it, and share statistics or derive models in real time.


Notes

  1. https://goflow.ambientic.mobi/

  2. http://www.waze.com

  3. http://navigon.com

  4. http://www.streetbump.org/

  5. http://www.epa.gov/heasd/airsensortoolbox/

  6. http://www.cnet.com/news/googles-project-vault-is-a-security-chip-disguised-as-an-micro-sd-card/

  7. This paper is an extended version of [44]. The new material covers three significant contributions. First, we design a new, more robust aggregation protocol that is resilient to advanced hardware attacks. Second, we provide an alternative, more effective partitioning algorithm that offers a different tradeoff in terms of efficiency and partitioning quality than the base partitioning algorithm. Third, we provide a thorough analysis of the privacy protection and also an extensive evaluation of the new proposed protocols.

  8. We use the terminology of ARM [3], which designates as lab attacks the most advanced, comprehensive and invasive hardware attacks, for which the attackers have access to laboratory equipment and the knowledge to reverse engineer a device and to monitor analog signals in order to perform attacks such as cryptographic key analysis.

  9. https://github.com/chatziko/location-guard

  10. The weight is the number of probes in a spatial unit.

  11. We note that in this paper we employed an optimized implementation of the base partitioning algorithm compared to the version used in [44]. While the general algorithm remains the same (see Algorithm 4), we reduced the number of Flash I/Os through a better usage of the 30 KB of RAM available for data processing on the SP side.

References

  1. Allard T, Nguyen B, Pucheral P (2014) METAP: Revisiting privacy-preserving data publishing using secure devices. Distributed and Parallel Databases 32(2):191–244

  2. Andrés ME, Bordenabe NE, Chatzikokolakis K, Palamidessi C (2013) Geo-indistinguishability: Differential privacy for location-based systems. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security, CCS ’13. ACM, New York, pp 901–914. https://doi.org/10.1145/2508859.2516735

  3. ARM (2009) ARM security technology: Building a secure system using TrustZone technology. ARM Technical White Paper

  4. Baumann A, Peinado M, Hunt G (2014) Shielding applications from an untrusted cloud with Haven. In: OSDI, pp 267–283

  5. Brinkhoff T (2002) A framework for generating network-based moving objects. GeoInformatica 6(2):153–180

  6. Brown JWS, Ohrimenko O, Tamassia R (2013) Haze: Privacy-preserving real-time traffic statistics. In: ACM SIGSPATIAL, pp 540–543

  7. Cao Y, Yoshikawa M, Xiao Y, Xiong L (2017) Quantifying differential privacy under temporal correlations. In: 2017 IEEE 33rd international conference on data engineering (ICDE), IEEE, pp 821–832

  8. Chatzikokolakis K, Palamidessi C, Stronati M (2015) Location privacy via geo-indistinguishability. ACM SIGLOG News 2(3):46–69. https://doi.org/10.1145/2815493.2815499

  9. Chow CY, Mokbel MF, Aref WG (2009) Casper*: Query processing for location services without compromising privacy. ACM Trans Database Syst 34(4):24:1–24:48. https://doi.org/10.1145/1620585.1620591

  10. Cornelius C, Kapadia A, Kotz D, Peebles D, Shin M, Triandopoulos N (2008) AnonySense: Privacy-aware people-centric sensing. In: MobiSys

  11. Damiani ML (2014) Location privacy models in mobile applications: conceptual view and research directions. GeoInformatica 18(4):819–842

  12. Damiani ML, Bertino E, Silvestri C (2010) The PROBE framework for the personalized cloaking of private locations. Trans Data Privacy 3(2):123–148. http://dl.acm.org/citation.cfm?id=1824401.1824404

  13. D’Hondt E, Stevens M, Jacobs A (2013) Participatory noise mapping works! An evaluation of participatory sensing as an alternative to standard techniques for environmental monitoring. Pervasive and Mobile Computing 9(5):681–694

  14. Douceur JR (2002) The Sybil attack. In: Revised papers from the 1st international workshop on peer-to-peer systems, IPTPS ’01. Springer-Verlag, London, pp 251–260. http://dl.acm.org/citation.cfm?id=646334.687813

  15. Drosatos G, Efraimidis PS, Athanasiadis IN, Stevens M (2012) A privacy-preserving cloud computing system for creating participatory noise maps. In: COMPSAC, pp 581–586

  16. Faezipour M, Nourani M, Saeed A, Addepalli S (2012) Progress and challenges in intelligent vehicle area networks. Communications of the ACM 55(2):90–100

  17. Ganti RK, Pham N, Tsai YE, Abdelzaher TF (2008) PoolView: Stream privacy for grassroots participatory sensing. In: SenSys

  18. Gao H, Liu CH, Wang W, Zhao J, Song Z, Su X, Crowcroft J, Leung KK (2015) A survey of incentive mechanisms for participatory sensing. IEEE Communications Surveys and Tutorials 17(2):918–943

  19. Ghinita G, Damiani ML, Silvestri C, Bertino E (2016) Protecting against velocity-based, proximity-based, and external event attacks in location-centric social networks. ACM Trans Spatial Algorithms Syst 2(2):8:1–8:36. https://doi.org/10.1145/2910580

  20. Goel P, Kulik L, Ramamohanarao K (2016) Privacy-aware dynamic ride sharing. ACM Trans Spatial Algorithms Syst 2(1):4:1–4:41. https://doi.org/10.1145/2845080

  21. González J, Hölzl M, Riedl P, Bonnet P, Mayrhofer R (2014) A practical hardware-assisted approach to customize trusted boot for mobile devices. In: Chow SSM, Camenisch J, Hui LCK, Yiu SM (eds) Information Security. Springer International Publishing, pp 542–554

  22. Hoh B, Iwuchukwu T, Jacobson Q, Work D, Bayen AM, Herring R, Herrera JC, Gruteser M, Annavaram M, Ban J (2012) Enhancing privacy and accuracy in probe vehicle-based traffic monitoring via virtual trip lines. IEEE Trans Mob Comput 11(5):849–864

  23. Huang KL, Kanhere SS, Hu W (2010) Preserving privacy in participatory sensing systems. Comput Commun 33(11):1266–1280. https://doi.org/10.1016/j.comcom.2009.08.012

  24. Jain N, Mishra S, Srinivasan A, Gehrke J, Widom J, Balakrishnan H, Çetintemel U, Cherniack M, Tibbetts R, Zdonik SB (2008) Towards a streaming SQL standard. PVLDB 1(2):1379–1390

  25. Lallali S, Anciaux N, Popa IS, Pucheral P (2017) Supporting secure keyword search in the personal cloud. Inf Syst 72:1–26. https://doi.org/10.1016/j.is.2017.09.003. http://www.sciencedirect.com/science/article/pii/S0306437916303891

  26. Li M, Zhu L, Zhang Z, Xu R (2017) Achieving differential privacy of trajectory data publishing in participatory sensing. Inf Sci 400(C):1–13. https://doi.org/10.1016/j.ins.2017.03.015

  27. Li Q, Cao G (2012) Efficient and privacy-preserving data aggregation in mobile sensing. In: IEEE ICNP

  28. Liu R, Cao J, VanSyckel S, Gao W (2016) PRIME: Human-centric privacy measurement based on user preferences towards data sharing in mobile participatory sensing systems. In: 2016 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp 1–8. https://doi.org/10.1109/PERCOM.2016.7456518

  29. Maruseac M, Ghinita G, Trajcevski G, Scheuermann P (2017) Privacy-preserving detection of anomalous phenomena in crowdsourced environmental sensing using fine-grained weighted voting. GeoInformatica 21(4):733–762. https://doi.org/10.1007/s10707-017-0304-3

  30. de Montjoye YA, Hidalgo CA, Verleysen M, Blondel VD (2013) Unique in the crowd: The privacy bounds of human mobility. Scientific Reports 3

  31. Nittel S, Whittier JC, Liang Q (2012) Real-time spatial interpolation of continuous phenomena using mobile sensor data streams. In: ACM SIGSPATIAL, pp 530–533

  32. Pan J, Sandu-Popa I, Borcea C (2017) DIVERT: A distributed vehicular traffic re-routing system for congestion avoidance. IEEE Trans Mob Comput 16(1):58–72. https://doi.org/10.1109/TMC.2016.2538226

  33. Penza M (2014) COST Action TD1105: New sensing technologies for environmental sustainability in smart cities. In: IEEE SENSORS

  34. Piro C, Shields C, Levine BN (2006) Detecting the Sybil attack in mobile ad hoc networks. In: 2006 Securecomm and Workshops, pp 1–11

  35. Popa RA, Blumberg AJ, Balakrishnan H, Li FH (2011) Privacy and accountability for location-based aggregate statistics. In: CCS, pp 653–666

  36. Priebe C, Vaswani K, Costa M (2018) EnclaveDB: A secure database using SGX. IEEE. https://www.microsoft.com/en-us/research/publication/enclavedb-a-secure-database-using-sgx/

  37. Quercia D, Leontiadis I, McNamara L, Mascolo C, Crowcroft J (2011) SpotME if you can: Randomized responses for location obfuscation on mobile phones. In: ICDCS, pp 363–372

  38. Sabt M, Achemlal M, Bouabdallah A (2015) Trusted execution environment: What it is, and what it is not. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol 1, pp 57–64. https://doi.org/10.1109/Trustcom.2015.357

  39. Shi J, Zhang R, Liu Y, Zhang Y (2010) PriSense: Privacy-preserving data aggregation in people-centric urban sensing systems. In: IEEE INFOCOM

  40. Thiagarajan A, Ravindranath L, LaCurts K, Madden S, Balakrishnan H, Toledo S, Eriksson J (2009) VTrack: Accurate, energy-aware road traffic delay estimation using mobile phones. In: ACM SenSys, pp 85–98

  41. To QC, Nguyen B, Pucheral P (2014) Privacy-preserving query execution using a decentralized architecture and tamper resistant hardware. In: EDBT, pp 487–498

  42. To QC, Nguyen B, Pucheral P (2016) Private and scalable execution of SQL aggregates on a secure decentralized architecture. ACM Trans Database Syst 41(3):16:1–16:43. https://doi.org/10.1145/2894750

  43. Ton-That DH, Sandu-Popa I, Zeitouni K (2015) PPTM: Privacy-aware participatory traffic monitoring using mobile secure probes. In: IEEE MDM, demo paper

  44. Ton-That DH, Sandu-Popa I, Zeitouni K, Borcea C (2016) PAMPAS: Privacy-aware mobile participatory sensing using secure probes. In: Proceedings of the 28th international conference on scientific and statistical database management, SSDBM ’16. ACM, pp 4:1–4:12. https://doi.org/10.1145/2949689.2949704

  45. Wang G, Wang B, Wang T, Nika A, Zheng H, Zhao BY (2016) Defending against Sybil devices in crowdsourced mapping services. In: Proceedings of the 14th annual international conference on mobile systems, applications, and services, MobiSys ’16. ACM, New York, pp 179–191. https://doi.org/10.1145/2906388.2906420

  46. Wang L, Yang D, Han X, Wang T, Zhang D, Ma X (2017) Location privacy-preserving task allocation for mobile crowdsensing with differential geo-obfuscation. In: Proceedings of the 26th international conference on World Wide Web, WWW ’17. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland, pp 627–636. https://doi.org/10.1145/3038912.3052696

  47. Yuan J, Zheng Y, Xie W, Xie X, Sun G, Huang Y (2010) T-Drive: Driving directions based on taxi trajectories. In: SIGSPATIAL, pp 99–108


Corresponding author

Correspondence to Iulian Sandu Popa.


Cite this article

Popa, I.S., That, D.H.T., Zeitouni, K. et al. Mobile participatory sensing with strong privacy guarantees using secure probes. Geoinformatica 25, 533–580 (2021). https://doi.org/10.1007/s10707-019-00389-4
