PETS 2017 The 17th Privacy Enhancing T echnologies Symposium July 18–21, 2017 Minneapolis, MN, USA Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocatjon Sazzadur Rahaman 1 , Long Cheng 1 , Danfeng (Daphne) Yao 1 , He Li 2 , Jung-Min (Jerry) Park 2 Computer Science 1 , Electrical & Computer Engineering 2 Virginia Tech {sazzad14, chengl, danfeng}@cs.vt.edu, {heli, jungmin}@ece.vt.edu
Mobile Computing Opportunities Detectjng dangers with crowdsourcing 1 Bioanalysis using portable PCR built on mobile phones 1 https://www.seas.harvard.edu/news/2017/07/detecting-dangers-with-crowdsourcing 2
Crowdsensing and Citizen Science New Applicatjons Data Model [Kanjo+’10] User Context Behavior Predictjons [Pan+’ 13] Resource Management Crowdsensing [McKinley+‘ 15] Machine learning Pros: Cons: Cost efgectjve, easy to deploy Users are in control! New possibilitjes to track users! 3 of 33
Is Privacy a Lost Battle? March 28, 2017 – Congress sent proposed legislation to the White House that wipes away landmark online privacy protections. [Washington Post, March 28, 2017] 4
Privacy in crowdsensing Are we ready to ofger privacy preserving crowdsensing infrastructure? Privacy Preserving Authentjcatjon to the rescue? Group Manager Privacy Preserving Authentjcatjon (PPA): (3. Request user (1. secret key) revocatjon) (1. public key) The mechanism of authentjcatjng a user (4. Revoke user) without knowing her identjty. (2. Submit data with signature) User Server State-of-the art PPA cannot solve this problem! 5
Challenges for Existing PPA Cons: [SPPEAR: Gisdakis+’ 14] Pseudonym-based: • Public Key certjfjcatjon overhead Actual IDs are replaced with short-lived • Signatures under the same secret pseudonyms. key are linkable [AnonySense: Cornelius+’ 08] Group Signature-based: One public key for all users and No two Cons: signatures are linkable under same • The revocatjon check is of O( R ) signing key It can give you server tjmeout 100s of Revoked Users! Finding sublinear revocatjon for VLR-based GS is open for 13+ years! [Boneh+’04] 6
Our Contribution A new computatjonally scalable GS Scheme (SRBE) Features: • Security propertjes: Backward Unlinkable Anonymity, Traceability and Exculpability. • Sublinear Revocatjon check – Extremely scalable! • It uses pseudonyms but achieves Constant revocatjon token size A new scalable Crowdsensing Framework (GroupSense) with prototype implementatjon. 7
Threat Model and Security Goals Assumptjon: Group Manager forms a group, anyone can join/leave at anytjme! Security Goals Threat Model Malicious Users Accountability within the group (Traceability) Malicious Users Identjty Sensing-tjme Honest-but-curious from outside Unforgeability Anonymity Data Collector Goal: A practjcal anonymous-yet-accountable privacy preserving infrastructure 8
Our Contribution A new computatjonally scalable GS Scheme (SRBE) Features: • Security propertjes: Backward Unlinkable Anonymity, Traceability and Exculpability. • Sublinear Revocatjon check – Extremely scalable! • It uses pseudonyms but achieves Constant revocatjon token size A new scalable Crowdsensing Framework (GroupSense) with prototype implementatjon. 9
SRBE – Constant Revocation token Size SEED 1 H 5 (SEED 2) H 1 (SEED 1) H 5 (SEED 2) H 1 (SEED 1) PID 1 H 4 (SEED 2) H 2 (SEED 1) H 4 (SEED 2) H 2 (SEED 1) PID 2 H 3 (SEED 2) H 3 (SEED 1) H 3 (SEED 2) H 3 (SEED 1) PID 3 PID 3 H 2 (SEED 2) H 4 (SEED 1) H 2 (SEED 2) H 4 (SEED 1) PID 4 PID 4 H 1 (SEED 2) H 5 (SEED 1) H 5 (SEED 1) H 1 (SEED 2) PID 5 PID 5 SEED 2 SEED 2 10
Embedding Pseudonyms in Signature Security Properties: • Signers are restricted to use issued pseudoIDs only. • Signer i is restricted to use PID ij for tjme period j . • Even if one knows PID ij , she cannot forge signatures. 11
Security Analysis DLIN Assumptjon [Boneh+, 2004] Backward Unlinkable Anonymity: The anonymity of a valid signer is preserved (holds for revoked users too). Limitatjon: Signatures from the same signer in the same tjme interval are linkable. q-BSDH Assumptjon [Boneh+, 2004] Traceability: Any valid signature is traceable to an honest signer. DL Assumptjon [Kiayias+, 2004] Exculpability: Even the group manager cannot frame an honest signer 12
Performance Performance of RevocatjonCheck Overall computatjonal complexity 13
GroupSense Performance - Server GroupSense performance during data submission
GroupSense Performance - Android Sign Algorithm performance Join Algorithm performance
Future Work Privacy preserving authentjcatjon (PPA) is only a piece of a bigger puzzle! Correlatjon Based Atuacks • Correlatjon using Meta-Data (e.g., Device Info, IP) • Correlatjon using Data itself (e.g., GPS locatjon, Special habits) There are lots of studies addressing these problem in general. Unfortunately most of them do not consider data collector’s app in phone! Which is inconsistent with crowdsensing settjngs. [Christjn+’ 16] Unifjed platgorm for anonymous-yet-accountable crowdsensing is necessary! 16
[Key Takeways…] Sublinear revocatjon is feasible… Universal crowdsensing-platgorm is necessary for: - Mass adoptjon - interdisciplinary collaboratjons to solve dauntjng humanity problems… Questions? 17
Thanks!
Recommend
More recommend
![ObliviAd : Provably Secure and Practical Online Behavioral Advertising [IEEE S&P 12]](https://c.sambuz.com/852717/obliviad-provably-secure-and-practical-online-behavioral-s.jpg)
