Review for JZT20
[JZT20]
A Verifiable and Privacy-Preserving Multidimensional Data Aggregation Scheme in Mobile Crowdsensing
(Transactions on Emerging Telecommunications Technologies)
"Moreover, the cloud platform is not fully trusted, and it is challenging to verify the correctness of data aggregation results."
Introduction
MCS (Mobile Crowdsensing) :
- mobile users: collect data, submit them to the cloud platforms
- cloud platforms: provide computing services
- goals: analysis of sensory data collected by MCS, monitor the real physical world in real-time
- instances: real-time analysis and navigation, environmental monitoring, medical monitoring
- issues: security, efficiency
Research Gap:
- traditional data aggregation has a common drawback because it can only capture the sum of a single data type
- users' data and location privacy, collusive attack (user-side)
- although the previous work can protect data privacy, it does not support either result verification in MCS
Outlines:
- we use a lightweight data masking privacy-preserving method combined with bilinear mapping to achieve verifiable privacy-preserving data aggregation
- multidimensional data and location privacy
- result verifiability
- failure-robust
Related Work
- data masking is more efficient than homomorphic encryption
Proposed Scheme
three-party model:
- task requester
- cloud platform
- mobile users
System parameters:
- bilinear mapping \hat{e}:\mathbb{G}_1 \times \mathbb{G}_2 \to \mathbb{G}_T
- g and g' are the generator of \mathbb{G}_1 and \mathbb{G}_2
Task requester:
- random number \delta \in \mathbb{F}_p^*, g'' = g' ^{\delta}
- publish (\mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T), p, g, g', g''
- random vector b\in F_p^{*n}, h=(h_1,\ldots, h_n), where \{h_i = g^{\delta + b_i}\}
- PK = (PK_1, PK_2, \ldots, PK_n), PK_i = \hat{e}(g^{b_i}, g')
Cloud platform:
- k-dimensional data: (m_1, m_2, \ldots, m_k)
- m-disjoint areas: (z_1, z_2, \ldots, z_m)
For user u_i \in U:
- two public-private key pairs (s_i^{sk}, s_i^{pk}), (c_i^{sk}, c_i^{pk})
- other uses' public key information, such as (u_j, s_j^{pk}, c_j^{pk})