Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable - - PowerPoint PPT Presentation
PETS 2017 The 17th Privacy Enhancing T echnologies Symposium July 1821, 2017 Minneapolis, MN, USA Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocatjon Sazzadur Rahaman 1 , Long Cheng 1 , Danfeng (Daphne)
Sazzadur Rahaman1, Long Cheng1, Danfeng (Daphne) Yao1, He Li2, Jung-Min (Jerry) Park2
Computer Science1, Electrical & Computer Engineering2 Virginia Tech {sazzad14, chengl, danfeng}@cs.vt.edu, {heli, jungmin}@ece.vt.edu
PETS 2017
The 17th Privacy Enhancing T echnologies Symposium July 18–21, 2017 Minneapolis, MN, USA
Bioanalysis using portable PCR built on mobile phones
1https://www.seas.harvard.edu/news/2017/07/detecting-dangers-with-crowdsourcing
Detectjng dangers with crowdsourcing1
2
Pros:
Cost efgectjve, easy to deploy Users are in control!
3
Cons:
New possibilitjes to track users!
Data Model User Context New Applicatjons [Kanjo+’10] Behavior Predictjons [Pan+’ 13] Resource Management [McKinley+‘ 15] Crowdsensing Machine learning
March 28, 2017 – Congress sent proposed legislation to the White House that wipes away landmark online privacy protections.
[Washington Post, March 28, 2017]
4
Privacy Preserving Authentjcatjon to the rescue? Privacy Preserving Authentjcatjon (PPA): The mechanism of authentjcatjng a user without knowing her identjty.
User Server Group Manager (1. secret key) (4. Revoke user) (2. Submit data with signature) (3. Request user revocatjon) (1. public key)
Are we ready to ofger privacy preserving crowdsensing infrastructure?
5
Pseudonym-based: Actual IDs are replaced with short-lived pseudonyms.
Group Signature-based: One public key for all users and No two signatures are linkable under same signing key Cons:
key are linkable Cons:
[SPPEAR: Gisdakis+’ 14] [AnonySense: Cornelius+’ 08]
It can give you server tjmeout 100s of Revoked Users! Finding sublinear revocatjon for VLR-based GS is open for 13+ years! [Boneh+’04]
6
A new computatjonally scalable GS Scheme (SRBE) Features:
Exculpability.
A new scalable Crowdsensing Framework (GroupSense) with prototype implementatjon.
7
Malicious Users within the group Malicious Users from outside Honest-but-curious Data Collector Accountability (Traceability) Identjty Unforgeability Sensing-tjme Anonymity
Goal: A practjcal anonymous-yet-accountable privacy preserving infrastructure
Threat Model Security Goals
8
Assumptjon: Group Manager forms a group, anyone can join/leave at anytjme!
A new computatjonally scalable GS Scheme (SRBE) Features:
Exculpability.
A new scalable Crowdsensing Framework (GroupSense) with prototype implementatjon.
9
PID2 PID3 PID4 PID5 PID1 H1(SEED1) H2(SEED1) H3(SEED1) H4(SEED1) H5(SEED1) H5(SEED2) H4(SEED2) H3(SEED2) H2(SEED2) H1(SEED2) PID3 PID4 PID5 SEED2 H3(SEED1) H4(SEED1) H5(SEED1) H4(SEED2) H3(SEED2) H2(SEED2) H1(SEED2) H5(SEED2) H1(SEED1) H2(SEED1)
10
SEED2 SEED1
Security Properties:
11
DLIN Assumptjon [Boneh+, 2004] q-BSDH Assumptjon [Boneh+, 2004] DL Assumptjon [Kiayias+, 2004]
Backward Unlinkable Anonymity: The anonymity of a valid signer is preserved (holds for revoked users too).
Traceability: Any valid signature is traceable to an honest signer.
Exculpability: Even the group manager cannot frame an honest signer
12
Limitatjon: Signatures from the same signer in the same tjme interval are linkable.
Overall computatjonal complexity Performance of RevocatjonCheck
13
GroupSense performance during data submission
Join Algorithm performance Sign Algorithm performance
Correlatjon Based Atuacks
There are lots of studies addressing these problem in general. Privacy preserving authentjcatjon (PPA) is only a piece of a bigger puzzle! Unfortunately most of them do not consider data collector’s app in phone! Which is inconsistent with crowdsensing settjngs. Unifjed platgorm for anonymous-yet-accountable crowdsensing is necessary!
[Christjn+’ 16]
16
Sublinear revocatjon is feasible… Universal crowdsensing-platgorm is necessary for:
[Key Takeways…]
17