ABSTRACT
Personal mobile devices are increasingly equipped with the capability to sense the physical world (through cameras, microphones, and accelerometers, for example) and the network world (with Wi-Fi and Bluetooth interfaces). Such devices offer many new opportunities for cooperative sensing applications. For example, users' mobile phones may contribute data to community-oriented information services, from city-wide pollution monitoring to enterprise-wide detection of unauthorized Wi-Fi access points. This people-centric mobile-sensing model introduces a new security challenge in the design of mobile systems: protecting the privacy of participants while allowing their devices to reliably contribute high-quality data to these large-scale applications.
We describe AnonySense, a privacy-aware architecture for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing tasks that will be distributed across anonymous participating mobile devices, later receiving verified, yet anonymized, sensor data reports back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our trust model, and the security properties that drove the design of the AnonySense system. We evaluate our prototype implementation through experiments that indicate the feasibility of this approach, and through two applications: a Wi-Fi rogue access point detector and a lost-object finder.