
Research On Data Security And Privacy Protection In Crowdsensing-based Internet Of Things

Posted on: 2020-11-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Q Wu
Full Text: PDF
GTID: 1368330620454020
Subject: Computer application technology
Abstract/Summary:
With the ubiquity of mobile devices and the advances of Internet of Things (IoT) technologies, an increasing number of mobile devices with powerful sensing and computing capacities have been engaged in data sensing and aggregation, after which the sensed big data are outsourced to diverse cloud platforms for data-centric services. Conceptually, this phenomenon has given rise to a novel crowdsensing- and cloud-based data sensing and service paradigm for IoT. In this new paradigm, the IoT crowdsensing data pass through different processes, including data collection, data aggregation, and data services. Specifically, data are first sensed and collected in a distributed manner by various IoT sensing nodes (i.e., mobile devices), and are then transmitted via different network media such as 4G/5G and Wi-Fi, or aggregated by leveraging fog nodes or edge computing. The collected raw data or aggregated data are finally outsourced to the back-end data center (i.e., the cloud) for a wide spectrum of data services such as data query and query verification.

However, many remarkable differences from traditional IoT data, including the distinct network and service scenarios, the participating subjects and the service objects, pose more severe security and privacy threats to the IoT crowdsensing data. For example, the openness of networks and the diversity of participants make it hard to guarantee the quality of sensed data collected by less reliable or malicious participants. Moreover, since the intermediate fog nodes and the back-end clouds, as private and public clouds respectively, are generally semi-honest (i.e., honest-but-curious) or even malicious, data confidentiality and service correctness should be guaranteed without compromising data utility. Although much related work has focused on solving the security and privacy issues in different phases, a holistic consideration of different service requirements is still lacking. In this thesis, we systematically consider the security and privacy protection requirements in different phases of the crowdsensing-based IoT with distinct models and assumptions. The main issues solved and the corresponding contributions are summarized as follows.

(1) For secure data collection, we propose a privacy-aware and trustworthy mobile crowdsensing mechanism, which serves as the basis to ensure data authenticity and data quality in the subsequent data aggregation and services. Instead of solving three crucial issues separately as in existing research, we simultaneously ensure user privacy, data trustworthiness, and incentive provision by seamlessly integrating group signature, limited pseudonym, and (partially) blind signature technologies. The proposed scheme enables benign users to participate in tasks anonymously and prevents malicious users from abusing anonymity protection. Specifically, an anonymous trust and reputation management model is built to evaluate data trust and user reputation, based on which low-quality data and low-reputation users can be evicted to improve data trustworthiness. Furthermore, we design a fair reward allocation strategy based on both data quality and reputation feedback, which stimulates users to contribute more trustworthy data. Theoretical analysis shows that the proposed scheme achieves the predefined security goals, while extensive experiments demonstrate its effectiveness and efficiency, especially on the user side.

(2) For secure data aggregation, we propose a fog-assisted privacy-aware task allocation and data aggregation scheme. The proposed scheme remedies the privacy disclosure and expensive cost limitations of existing research. The novel fog-assisted crowdsensing model enables more accurate and efficient task allocation and data aggregation in a two-step manner, which reduces the heavy overhead at the server when dealing with a large volume of data. As to privacy, leveraging bilinear pairing and oblivious transfer, we design a privacy-aware task allocation protocol in which the privacy of both the task content and the task preference is protected. Furthermore, we carefully elaborate several secure data aggregation protocols using homomorphic encryption, supporting the classic statistical computations on encrypted data, including summation, average, variance, and minimum/maximum. Finally, theoretical analysis and experimental evaluations both show the security and efficiency of our proposed scheme.

(3) For secure query processing at the cloud, targeting location-based services, we propose a Hilbert-curve transformation-based secure k-nearest-neighbor query scheme against a semi-honest server. Unlike prior work, we introduce two non-colluding servers which follow the duty-separation principle by separating computation from storage. The two-server model eases the heavy burden and at the same time enhances system security. Moreover, we create two encrypted indices based on the Hilbert curve, AES, and mutable order-preserving encryption, which enable fast and coarse-grained query processing at the servers while protecting the privacy of both the data owner and the query user. By employing a secure comparison protocol, we further perform fine-grained query processing via a few interactions between server and user. Security analysis shows that our scheme is robust against ciphertext-only and estimation attacks. The experiments also demonstrate that our scheme achieves better efficiency than existing solutions.

(4) For query verification, we target the complicated multi-dimensional top-k query and propose two secure and efficient query verification schemes against a malicious server. Based on the dominant graph, we design an efficient dominant verification graph as the data verification structure. The structure supports efficient top-k query processing and verification on multi-dimensional data. In contrast to the basic scheme, the optimized scheme further reduces the user-side computation cost via a Merkle hash tree. Security analysis shows that both schemes can detect replacement and deletion attacks. Extensive experiments also validate the correctness of the theoretical analysis.
Keywords/Search Tags: Internet of Things, Crowdsensing, Cloud Computing, Privacy Protection, Data Trustworthiness, Incentive, Query Authentication