Adversaries and countermeasures in privacy-enhanced urban sensing systems

Abstract

Modern digital society is increasingly dependent on the availability of massive amounts of information. It relies on the interconnection of heterogeneous components and encompasses assorted actors, entities, systems, and a variety of (often mobile) computing devices. Revolutionary computing paradigms, such as People-Centric Urban Sensing, have focused on the seamless collection of meaningful data from a large number of devices. The increasing complexity of deployed urban systems and related infrastructures, along with the growing amount of information collected, prompts a number of challenging security and privacy concerns. In this paper, we explore a number of scenarios where nodes of an Urban Sensing system are subject to individual queries. In this setting, multiple users and organizations (e.g. infrastructure operators) co-exist, but they may not trust each other to the full extent. As a result, we address the problem of protecting (i) secrecy of reported data and (ii) confidentiality of query interests from the prying eyes of malicious entities. We introduce a realistic network model and study different adversarial models and strategies, distinguishing between resident and non-resident adversaries, considering both randomly distributed and local attackers. For each of them, we propose a distributed privacy-preserving technique and evaluate its effectiveness via analysis and simulation. Our techniques are tunable, trading off the level of privacy assurance with a small overhead increase, and independent from the complexity of the underlying infrastructures. We additionally provide a relevant improvement of data reliability and availability, while relying only on standard symmetric cryptography. The practicality of our proposals is demonstrated both analytically and experimentally.