Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing

Privacy-Respecting Auctions in Mobile Crowd Sensing
Tassos Dimitriou & Ioannis Krontiris
1
Privacy-Respecting Auctions as
Incentive Mechanisms in Mobile
Crowd Sensing
Tassos Dimitriou and Ioannis Krontiris
9th WISTP International Conference on Information
Security Theory and Practice (WISTP'2015).
August 24 - 25, 2015
Heraklion, Crete, Greece

2
Outline
Motivation
Auction mechanism for mobile sensing
Security and privacy requirements
Privacy-respecting auction and Rewarding mechanism

3
Picture from: D. Christin, A. Reinhardt, S.S. Kanhere, M. Hollick, A Survey on Privacy in Mobile Participatory Sensing Applications,
Journal of Systems & Software 2011.
Mobile Sensing - Old Style
Participants proactively sending data.
How to motivate contribution and better quality of data? Protect privacy?

4
Information Discovery
Here data consumers are interested in retrieving information
according to some requirements from multiple data
contributors that satisfy these requirements.
Define:
Specific geographic area
Sensor types, time frame
Quality criteria
Post task on public domain
Download task and respond

5
Incentives to participation
Why would mobile users contribute data?
Need incentives: monetary, social, gaming
Micro-payments work! But how much is enough?
Depends on personal preferences, perceived cost of
participation, context
It should be the data provider to set the price!
Apply reverse-auctions: n users with lowest prices win the
auction and contribute data

6
Multi-attributive auctions
Most suitable kind: multi-attributive auctions
Allow integration of quality attributes into the auction bidding,
besides the price.

7
Privacy concerns
The widespread deployment of mobile sensors
introduces serious privacy risks since the
frequent collection of personal data may reveal
considerable information about location, personal
preferences, social relationships, etc...
Imperative to address privacy in mobile crowd-
sensing systems
It still remains an open problem on how to provide privacy protection
when incentive mechanisms are also incorporated in the system.

8
Our contribution
Incentives + Privacy
A privacy-respecting protocol that allows anonymous users to
participate in reverse auctions employed by an MCS system.
Two main parts.
Provide bidders’ anonymity for the auction
Reward users and enable winners of the auction to claim their
rewards without being linked to their contributed data.

9
Model
Service Providers:
• requesters of sensing data
• have fixed budget
Users: owners of mobile devices with sensors
Auction Infrastructure:
• Task Server - publishing the sensing tasks,
• Auction Server - running the auction process
• Report Server - collects the reports from the auction
winners and forwards them to the Service Provider.

10
A generic auction mechanism
Bid = Utility Score Si
computed based also on quality factors  
(e.g. distance from the desired location, the location accuracy, the sampling frequency, …)

11
Security and Privacy Requirements
Correctness and Fairness: Winners get reward. No bidder can obtain
an unfair advantage based on information revealed about other bids
Bidders’ privacy: Bidders remain anonymous throughout the whole
process of the auction -> Unlinkability between (a) identity of bidders
and their bids, (b) two bids from the same bidder
Confidentiality of bids: All bids remain secret until the opening phase.
Applies for all parties including Auction Server.
Public verifiability: The correctness of the auction process should be
easy to verify by any interested party.
Non-repudiation: No bidder should be able to change its mind (e.g.
deny or modify its bid) once the bid is submitted.

12
Auction protocol
Two main phases Bidding and Opening. However, there exists
an implicit setup phase: Registration
During registration,
• Auction Server (AS) sets up the bulletin
board, publishes its public key and announces
parameters of the auction
− Auction ID, starting/ending time, duration of
each phase, and so on.
• Each bidder i creates a pseudonymous ID
(BidderID) to represent its identity during the
auction along with a one-time public key Ki.
• AS publishes this information to the bulletin
board

13
Auction protocol - Bidding
During the bidding phase, each bidder i
• computes its utility score Si,
• masks it with a random number ri and
• sends a commitment Ci of for the bid, where  
hi = H(Si || ri).
Note: Auction server receives a bid, however it cannot read this
bid before the opening phase. Commitments are published in
the bulletin board so that anybody can verify that its bid has
been correctly accounted for.

14
Auction protocol - Opening
When bidding phase is over, each bidder reveals utility
score Si
and ri
that have been used in computing Ci
.
Auction server announces n highest utility scores as the
winners of the auction
Note: Any participant can verify correctness by computing  
H(Si || ri) and comparing with the commitment Ci received
during the bidding phase.

15
Incentives for participation - Rewarding
The previous protocol can be extended to support
a privacy-preserving credit reward mechanism for
users submitting data reports.
• This can be achieved using a  
(i) a central bank system, or  
(ii) a decentralized digital payment system
(method developed here).
(i) While the e-cash scheme (not shown here) may
be easier conceptually, it suffers from a potential loss
of privacy if the report server and the Bank collude
together to reveal the bidder’s identity.

16
Anonymous reward tokens
To eliminate the need for a centralized payment service, we
can use the Report Server as an issuer of reward tokens that
can be redeemed by the bidder.
The token
• Corresponds to an amount commensurate to the data
provided by the user.
• It reveals no information about the underlying user.
• The recipient (RS) has first to verify their validity
and then verify whether the tokens have been spent
before.
This approach can still be thought as a lightweight
e-cash scheme, yet without the requirement of a
trusted payment service

17
Token generation
Winning Bidder Bi Report Server RS

18
Token spending
Winning Bidder Bi Report Server RS
Submission of tokens
(User must prove knowledge of secret values r and s used in the creation of token T)
Set h = H(Token, date/time)
Set y = r + hs mod q.
Token T, y
Verify signature. Is T a valid token?
Verify token has not been used before
by searching database of used tokens.
Note: The protocol ensures that i) tokens are not tied to bidder identities, and
ii) the RS is protected by malicious bidders who try to double-spend tokens.

19
Security Analysis (1)
Confidentiality of bids. Since bids are opened only after the bidding
phase, nobody can compute the bids before they are opened. Recall
commitment H(Si || ri).
Correctness & Verifiability. All values are published in the bulletin
board.
• Anybody can verify correctness of the auction as all bidders reveal their
utility scores Si and the random numbers ri used in signed commitment.
Unlinkability between bids. Not possible to relate two bids submitted
at different auctions by the same bidder.
• Bidders participate in auctions using different pseudonyms and public
keys.
• Important to use an anonymity service so that bid submissions cannot be
linked to an internet identifier such as the IP address of the bidder.

20
Security Analysis (2)
Unforgeability/Unreusability of tokens. The zero knowledge
proofs used during token spending ensure that only a bidder
who knows the representation of u and v in the token ID can
supply these proofs.
Bidder privacy/Unlinkability of tokens. When a user tries to
redeem a token and provides the server (directly or indirectly
through a proxy) the zero knowledge proof, the server cannot
tell which bidder created the token as the only visible part
during the token construction is the public part Val, Exp of the
token

21
Token indistinguishability experiment

22
Conclusions
Users of mobile devices can participate anonymously in the
auctions and define the price they expect for contributing
sensing data.
Τhe buyer of the data can select the winners based not only
on the price, but also on the quality of the offered data.
The winners of the auction can then collect their price without
linking their real identity to the data they contributed.
Our solution uses a lightweight rewarding scheme eliminating
the need for a single trusted payment system.
Future work: integrate anonymous reputation mechanism

23

Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing

Ähnlich wie Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing (20)

Mehr von Ioannis Krontiris

Mehr von Ioannis Krontiris (6)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing