In many mobile crowdsensing scenarios it is desirable to give micro-payments to contributors as an incentive for their participation. However, to further encourage participants to use the system, one important requirement is protection of user privacy. In this work we present a reverse auction mechanism as an efficient way to offer incentives to users by allowing them to determine their own price for the data they provide, but also as a way to motivate them to submit better quality data. At the same time our auction protocol guarantees bidders’ anonymity and suggests a new rewarding mechanism that enables winners to claim their reward without being linked to the data they contributed. Our protocol is scalable, can be applied to a large class of auctions and remains both computation- and communication-efficient, so that it can be run on the mobile devices of users.
Full paper: T. Dimitriou, I. Krontiris, "Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing", the 9th WISTP International Conference on Information Security Theory and Practice (WISTP 2015), 24-25 August 2015, Heraklion, Crete, Greece.
Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing
1. Privacy-Respecting Auctions in Mobile Crowd Sensing
Tassos Dimitriou & Ioannis Krontiris
1
Privacy-Respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing
Tassos Dimitriou and Ioannis Krontiris
9th WISTP International Conference on Information Security Theory and Practice (WISTP'2015).
August 24 - 25, 2015
Heraklion, Crete, Greece
2. Outline
Motivation
Auction mechanism for mobile sensing
Security and privacy requirements
Privacy-respecting auction and Rewarding mechanism
3. Mobile Sensing - Old Style
Picture from: D. Christin, A. Reinhardt, S.S. Kanhere, M. Hollick, A Survey on Privacy in Mobile Participatory Sensing Applications, Journal of Systems & Software 2011.
Participants proactively sending data.
How to motivate contribution and better quality of data? Protect privacy?
4. Information Discovery
Here data consumers are interested in retrieving information according to some requirements from multiple data contributors that satisfy these requirements.
Define:
Specific geographic area
Sensor types, time frame
Quality criteria
Post task on public domain
Download task and respond
5. Incentives to participation
Why would mobile users contribute data?
Need incentives: monetary, social, gaming
Micro-payments work! But how much is enough?
Depends on personal preferences, perceived cost of participation, context
It should be the data provider who sets the price!
Apply reverse auctions: the n users with the lowest prices win the auction and contribute data
6. Multi-attributive auctions
Most suitable kind: multi-attributive auctions
Allow integration of quality attributes into the auction bidding, besides the price.
7. Privacy concerns
The widespread deployment of mobile sensors introduces serious privacy risks, since the frequent collection of personal data may reveal considerable information about location, personal preferences, social relationships, etc.
Imperative to address privacy in mobile crowd-sensing systems
It remains an open problem how to provide privacy protection when incentive mechanisms are also incorporated in the system.
8. Our contribution
Incentives + Privacy
A privacy-respecting protocol that allows anonymous users to participate in reverse auctions employed by an MCS system.
Two main parts:
Provide bidders’ anonymity for the auction
Reward users and enable winners of the auction to claim their rewards without being linked to their contributed data.
9. Model
Service Providers:
• requesters of sensing data
• have fixed budget
Users: owners of mobile devices with sensors
Auction Infrastructure:
• Task Server - publishing the sensing tasks
• Auction Server - running the auction process
• Report Server - collects the reports from the auction winners and forwards them to the Service Provider.
10. A generic auction mechanism
Bid = Utility Score Si, computed based also on quality factors (e.g. distance from the desired location, the location accuracy, the sampling frequency, …)
11. Security and Privacy Requirements
Correctness and Fairness: Winners get their reward. No bidder can obtain an unfair advantage based on information revealed about other bids.
Bidders’ privacy: Bidders remain anonymous throughout the whole process of the auction -> Unlinkability between (a) the identity of bidders and their bids, (b) two bids from the same bidder.
Confidentiality of bids: All bids remain secret until the opening phase. Applies to all parties, including the Auction Server.
Public verifiability: The correctness of the auction process should be easy to verify by any interested party.
Non-repudiation: No bidder should be able to change its mind (e.g. deny or modify its bid) once the bid is submitted.
12. Auction protocol
Two main phases: Bidding and Opening. However, there is also an implicit setup phase: Registration.
During registration,
• The Auction Server (AS) sets up the bulletin board, publishes its public key and announces the parameters of the auction
− Auction ID, starting/ending time, duration of each phase, and so on.
• Each bidder i creates a pseudonymous ID (BidderID) to represent its identity during the auction, along with a one-time public key Ki.
• AS publishes this information on the bulletin board
13. Auction protocol - Bidding
During the bidding phase, each bidder i
• computes its utility score Si,
• masks it with a random number ri and
• sends a commitment Ci for the bid, where Ci = H(Si || ri).
Note: The Auction Server receives a bid, but it cannot read the bid before the opening phase. Commitments are published on the bulletin board so that any bidder can verify that its bid has been correctly accounted for.
14. Auction protocol - Opening
When the bidding phase is over, each bidder reveals the utility score Si and the random number ri that were used in computing Ci.
The Auction Server announces the n highest utility scores as the winners of the auction.
Note: Any participant can verify correctness by computing H(Si || ri) and comparing with the commitment Ci received during the bidding phase.
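The registration, bidding and opening steps above, worked through as an added example; this is not code from the slides or from the authors' implementation. The slides give only the commitment Ci = H(Si || ri) and the rule that the n highest utility scores win. The bulletin board class, the fixed-width encoding of Si inside the hash, the 32-byte ri, and the tie-break by BidderID are assumptions made here. It also shows the property the Note on slide 14 relies on: a bidder who reveals a different Si at opening is caught because its reveal no longer matches the published commitment.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Constructed example of the commit-reveal reverse auction on the slides.
# BulletinBoard, open_auction and the encoding details are our assumptions;
# the slides only state C_i = H(S_i || r_i) and "n highest scores win".


def commit(score: int, r: bytes) -> str:
    """C_i = H(S_i || r_i). A fixed-width encoding of S_i removes any
    ambiguity in the concatenation (e.g. 12||3... vs 1||23...)."""
    if not (0 <= score < 2**32):
        raise ValueError("utility score out of range")
    return hashlib.sha256(score.to_bytes(4, "big") + r).hexdigest()


@dataclass(frozen=True)
class Reveal:
    bidder_id: str   # pseudonymous BidderID chosen at registration
    score: int       # utility score S_i (price and quality folded into one number)
    r: bytes         # masking randomness r_i


class BulletinBoard:
    """Public record kept by the Auction Server (AS) for one auction."""

    def __init__(self, auction_id: str) -> None:
        self.auction_id = auction_id
        self.commitments: dict[str, str] = {}   # BidderID -> C_i
        self.closed = False

    def submit(self, bidder_id: str, c: str) -> None:
        # Non-repudiation: a posted commitment cannot be replaced, so a
        # bidder cannot change its bid after seeing the others.
        if self.closed or bidder_id in self.commitments:
            raise ValueError("bid rejected")
        self.commitments[bidder_id] = c

    def close_bidding(self) -> None:
        self.closed = True


def bid(board: BulletinBoard, bidder_id: str, score: int) -> Reveal:
    """Bidder side: draw a high-entropy r_i (a short r_i would let the AS
    brute-force S_i from C_i), post C_i, keep (S_i, r_i) for the opening."""
    r = secrets.token_bytes(32)
    board.submit(bidder_id, commit(score, r))
    return Reveal(bidder_id, score, r)


def open_auction(board: BulletinBoard, reveals: list[Reveal], n: int) -> tuple[list[str], list[str]]:
    """Opening phase: check each reveal against its commitment and select the
    n highest utility scores. Returns (winners, rejected BidderIDs).
    Ties are broken by BidderID (our assumption; the slides do not say)."""
    if not board.closed:
        raise ValueError("bidding phase still open")
    valid, rejected = [], []
    for rv in reveals:
        c = board.commitments.get(rv.bidder_id)
        if c is None or commit(rv.score, rv.r) != c:
            rejected.append(rv.bidder_id)   # reveal does not match C_i
        else:
            valid.append(rv)
    valid.sort(key=lambda rv: (-rv.score, rv.bidder_id))
    return [rv.bidder_id for rv in valid[:n]], rejected


def verify_outcome(board: BulletinBoard, reveals: list[Reveal], n: int, winners: list[str]) -> bool:
    """Public verifiability: anyone holding the board and the reveals can
    recompute the result and compare it with what the AS announced."""
    recomputed, _ = open_auction(board, reveals, n)
    return recomputed == winners


def demo() -> tuple[list[str], list[str], bool]:
    board = BulletinBoard("task-42")                      # constructed auction ID
    reveals = [bid(board, bidder, s) for bidder, s in
               [("bidder-A", 70), ("bidder-B", 95), ("bidder-C", 80), ("bidder-D", 60)]]
    board.close_bidding()
    # bidder-A tries to raise its score at opening; the commitment exposes it.
    reveals[0] = Reveal("bidder-A", 99, reveals[0].r)
    winners, rejected = open_auction(board, reveals, n=2)
    return winners, rejected, verify_outcome(board, reveals, 2, winners)


if __name__ == "__main__":
    print(demo())
```

Because the AS holds only Ci during bidding, it learns nothing about Si until the bidder opens; because Ci is public before opening, a bidder cannot later deny or alter its bid, and any third party can re-run open_auction over the published reveals to confirm the announced winners.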
15. Incentives for participation - Rewarding
The previous protocol can be extended to support a privacy-preserving credit reward mechanism for users submitting data reports.
• This can be achieved using (i) a central bank system, or (ii) a decentralized digital payment system (the method developed here).
(i) While the e-cash scheme (not shown here) may be easier conceptually, it suffers from a potential loss of privacy if the Report Server and the Bank collude to reveal the bidder’s identity.
16. Anonymous reward tokens
To eliminate the need for a centralized payment service, we can use the Report Server as an issuer of reward tokens that can be redeemed by the bidder.
The token
• corresponds to an amount commensurate with the data provided by the user.
• reveals no information about the underlying user.
• The recipient (RS) has first to verify the tokens' validity and then verify whether the tokens have been spent before.
This approach can still be thought of as a lightweight e-cash scheme, yet without the requirement of a trusted payment service.
17. Token generation
(diagram: message exchange between Winning Bidder Bi and Report Server RS)
18. Token spending
(diagram: message exchange between Winning Bidder Bi and Report Server RS)
Submission of tokens (the user must prove knowledge of the secret values r and s used in the creation of token T)
Winning Bidder Bi:
• Set h = H(Token, date/time)
• Set y = r + hs mod q.
• Send Token T, y
Report Server RS:
• Verify signature. Is T a valid token?
• Verify the token has not been used before by searching the database of used tokens.
Note: The protocol ensures that i) tokens are not tied to bidder identities, and ii) the RS is protected against malicious bidders who try to double-spend tokens.
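The spending-side checks of slide 18, as an added example that is not part of the slides or the authors' implementation. The slide states only h = H(Token, date/time) and y = r + hs mod q; everything else is an assumed instantiation chosen so that the formula verifies: the token carries u = g^r mod p and v = g^s mod p (the bidder keeps r and s), so the RS can check g^y = u · v^h mod p, and the RS signature over the token's public part (Val, Exp) is modelled with an HMAC under a key only the RS holds. The token generation protocol (slide 17 is a diagram only) is not modelled, so this code does not reproduce the anonymity of issuance; it shows the validity check, the proof of knowledge bound to the token and the time of spending, and the used-token database that stops double spending.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed example of the token-spending check on slide 18. Assumed
# instantiation (not the paper's construction): the token's ID is (u, v)
# with u = g^r, v = g^s mod p; the RS signature is an HMAC stand-in.

# Toy group: p = 2q + 1 with q prime, g = 4 generates the subgroup of order q.
# Far too small for real use; a deployment would use standard-size groups.
P, Q, G = 2039, 1019, 4
RS_KEY = b"report-server-demo-key"   # constructed; held only by the RS
FRESHNESS_WINDOW = 300               # seconds; assumed policy for the date/time binding


@dataclass(frozen=True)
class Token:
    u: int      # g^r mod p
    v: int      # g^s mod p
    val: int    # Val: reward amount, public
    exp: int    # Exp: expiry as a Unix timestamp, public
    sig: bytes  # RS signature over the fields above (HMAC stand-in)

    def body(self) -> bytes:
        return f"{self.u}|{self.v}|{self.val}|{self.exp}".encode()


def issue_token(r: int, s: int, val: int, exp: int) -> Token:
    """RS-side signing of the token. Simplified: the bidder's (u, v) are seen
    in the clear here, so this step does NOT provide the unlinkability the
    paper's generation protocol (slide 17) is designed for."""
    u, v = pow(G, r, P), pow(G, s, P)
    body = f"{u}|{v}|{val}|{exp}".encode()
    return Token(u, v, val, exp, hmac.new(RS_KEY, body, "sha256").digest())


def challenge(token: Token, ts: int) -> int:
    # h = H(Token, date/time), reduced into Z_q
    return int.from_bytes(hashlib.sha256(token.body() + b"|" + str(ts).encode()).digest(), "big") % Q


def spend(token: Token, r: int, s: int, ts: int) -> tuple[Token, int, int]:
    """Bidder side: y = r + h*s mod q. The submission is (T, date/time, y)."""
    y = (r + challenge(token, ts) * s) % Q
    return token, ts, y


class ReportServer:
    def __init__(self) -> None:
        self.spent: set[tuple[int, int]] = set()   # database of used token IDs

    def redeem(self, token: Token, ts: int, y: int, now: int) -> str:
        # 1. Verify signature: is T a valid token issued by this RS?
        expected = hmac.new(RS_KEY, token.body(), "sha256").digest()
        if not hmac.compare_digest(token.sig, expected):
            return "bad-signature"
        # 2. The date/time folded into h must be current and the token unexpired.
        #    A captured (T, y) replayed later hashes to a different h and would
        #    fail step 3 anyway; rejecting stale timestamps keeps the window small.
        if abs(now - ts) > FRESHNESS_WINDOW or now > token.exp:
            return "stale"
        # 3. Proof of knowledge of r and s: g^y == u * v^h (mod p)
        h = challenge(token, ts)
        if pow(G, y, P) != (token.u * pow(token.v, h, P)) % P:
            return "bad-proof"
        # 4. Double-spend check against the used-token database
        if (token.u, token.v) in self.spent:
            return "double-spend"
        self.spent.add((token.u, token.v))
        return "ok"


def demo() -> list[str]:
    now = 1_700_000_000                 # constructed "current time"
    r, s = 123, 456                     # constructed bidder secrets
    tok = issue_token(r, s, val=5, exp=now + 86_400)
    rs = ReportServer()
    return [
        rs.redeem(*spend(tok, r, s, now), now=now),              # honest spend -> ok
        rs.redeem(*spend(tok, r, s, now + 1), now=now + 1),      # same token again -> double-spend
        rs.redeem(*spend(tok, r + 1, s, now), now=now),          # wrong secret -> bad-proof
        rs.redeem(*spend(Token(tok.u, tok.v, 500, tok.exp, tok.sig), r, s, now), now=now),  # altered Val -> bad-signature
    ]


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters for the RS: signature first (cheap, rejects tokens it never issued), then the proof bound to (Token, date/time), and only then the lookup in the spent database, so the database records only tokens whose holder has demonstrated knowledge of r and s.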
19. Security Analysis (1)
Confidentiality of bids. Since bids are opened only after the bidding phase, nobody can compute the bids before they are opened. Recall the commitment H(Si || ri).
Correctness & Verifiability. All values are published on the bulletin board.
• Anybody can verify the correctness of the auction, as all bidders reveal their utility scores Si and the random numbers ri used in the signed commitment.
Unlinkability between bids. Not possible to relate two bids submitted at different auctions by the same bidder.
• Bidders participate in auctions using different pseudonyms and public keys.
• Important to use an anonymity service so that bid submissions cannot be linked to an internet identifier such as the IP address of the bidder.
20. Security Analysis (2)
Unforgeability/Unreusability of tokens. The zero-knowledge proofs used during token spending ensure that only a bidder who knows the representation of u and v in the token ID can supply these proofs.
Bidder privacy/Unlinkability of tokens. When a user tries to redeem a token and provides the server (directly or indirectly through a proxy) with the zero-knowledge proof, the server cannot tell which bidder created the token, as the only visible part during the token construction is the public part Val, Exp of the token.
21. Token indistinguishability experiment
22. Conclusions
Users of mobile devices can participate anonymously in the auctions and define the price they expect for contributing sensing data.
The buyer of the data can select the winners based not only on the price, but also on the quality of the offered data.
The winners of the auction can then collect their reward without linking their real identity to the data they contributed.
Our solution uses a lightweight rewarding scheme, eliminating the need for a single trusted payment system.
Future work: integrate an anonymous reputation mechanism