Aggregating Crowd Wisdom via Blockchain: A Private, Correct, and Robust Realization

Crowdsensing, driven by the proliferation of sensor-rich mobile devices, has emerged as a promising data sensing and aggregation paradigm. Despite useful, traditional crowdsensing systems typically rely on a centralized third-party platform for data collection and processing, which leads to concerns like single point of failure and lack of operation transparency. Such centralization hinders the wide adoption of crowdsensing by wary participants. We therefore explore an alternative design space of building crowdsensing systems atop the emerging decentralized blockchain technology. While enjoying the benefits brought by the public blockchain, we endeavor to achieve a consolidated set of desirable security properties with a proper choreography of latest techniques and our customized designs. We allow data providers to safely contribute data to the transparent blockchain with the confidentiality guarantee on individual data and differential privacy on the aggregation result. Meanwhile, we ensure the service correctness of data aggregation and sanitization by delicately employing hardware-assisted transparent enclave. Furthermore, we maintain the robustness of our system against faulty data providers that submit invalid data, with a customized zero-knowledge range proof scheme. The experiment results demonstrate the high efficiency of our designs on both mobile client and SGX-enabled server, as well as reasonable on-chain monetary cost of running our task contract on Ethereum.

[1]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[2]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[3]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[4]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[5]  Ivan Damgård,et al.  Client/Server Tradeoffs for Online Elections , 2002, Public Key Cryptography.

[6]  Jan Camenisch,et al.  Practical Verifiable Encryption and Decryption of Discrete Logarithms , 2003, CRYPTO.

[7]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[8]  Suman Nath,et al.  Differentially private aggregation of distributed time-series with transformation and encryption , 2010, SIGMOD Conference.

[9]  Kouichi Sakurai,et al.  Distributed Paillier Cryptosystem without Trusted Dealer , 2010, WISA.

[10]  Elaine Shi,et al.  Privacy-Preserving Aggregation of Time-Series Data , 2011, NDSS.

[11]  George Danezis,et al.  Privacy-Friendly Aggregation for the Smart-Grid , 2011, PETS.

[12]  Cong Wang,et al.  Towards Secure and Effective Utilization over Encrypted Cloud Data , 2011, 2011 31st International Conference on Distributed Computing Systems Workshops.

[13]  Fan Ye,et al.  Mobile crowdsensing: current state and future challenges , 2011, IEEE Communications Magazine.

[14]  Thomas Schneider,et al.  Engineering Secure Two-Party Computation Protocols , 2012, Springer Berlin Heidelberg.

[15]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[16]  Úlfar Erlingsson,et al.  RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response , 2014, CCS.

[17]  Eli Ben-Sasson,et al.  Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture , 2014, USENIX Security Symposium.

[18]  Cong Wang,et al.  Enabling Privacy-Preserving Image-Centric Social Discovery , 2014, 2014 IEEE 34th International Conference on Distributed Computing Systems.

[19]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[20]  Cong Wang,et al.  A privacy-aware cloud-assisted healthcare monitoring system via compressive sensing , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[21]  Zhu Wang,et al.  Mobile Crowd Sensing and Computing , 2015, ACM Comput. Surv..

[22]  Bolun Wang Defending against Sybil Devices in Crowdsourced Mapping Services , 2015 .

[23]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[24]  Andrew J. Blumberg,et al.  Verifying computations without reexecuting them , 2015, Commun. ACM.

[25]  Chenglin Miao,et al.  Cloud-Enabled Privacy-Preserving Truth Discovery in Crowd Sensing Systems , 2015, SenSys.

[26]  Husnu S. Narman,et al.  A Survey of Mobile Crowdsensing Techniques , 2018, ACM Trans. Cyber Phys. Syst..

[27]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[28]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions: EPID Provisioning and Attestation Services , 2016 .

[29]  Gang Wang,et al.  Poster: Defending against Sybil Devices in Crowdsourced Mapping Services , 2016, MobiSys '16 Companion.

[30]  Matthias Schunter,et al.  Intel Software Guard Extensions: Introduction and Open Research Challenges , 2016, SPRO@CCS.

[31]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[32]  Úlfar Erlingsson,et al.  Prochlo: Strong Privacy for Analytics in the Crowd , 2017, SOSP.

[33]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[34]  Chenglin Miao,et al.  A lightweight privacy-preserving truth discovery framework for mobile crowd sensing systems , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[35]  Fan Zhang,et al.  Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[36]  Daniel Gruss,et al.  Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory , 2017, USENIX Security Symposium.

[37]  Dan Boneh,et al.  Prio: Private, Robust, and Scalable Computation of Aggregate Statistics , 2017, NSDI.

[38]  E. Praganavi,et al.  EFFICIENT AND PRIVACY-AWARE DATA AGGREGATION IN MOBILE SENSING , 2017 .

[39]  Cong Wang,et al.  Learning the Truth Privately and Confidently: Encrypted Confidence-Aware Truth Discovery in Mobile Crowdsensing , 2018, IEEE Transactions on Information Forensics and Security.

[40]  Dan Boneh,et al.  Bulletproofs: Short Proofs for Confidential Transactions and More , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[41]  Dawn Xiaodong Song,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution , 2018, ArXiv.

[42]  Rüdiger Kapitza,et al.  Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric , 2018, ArXiv.

[43]  Scott Russell,et al.  The EU General Data Protection Regulation (GDPR) , 2018 .

[44]  Yuan Lu,et al.  ZebraLancer: Private and Anonymous Crowdsourcing System atop Open Blockchain , 2018, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS).

[45]  Mic Bowman,et al.  Private Data Objects: an Overview , 2018, ArXiv.

[46]  Pascal Felber,et al.  IBBE-SGX: Cryptographic Group Access Control Using Trusted Execution Environments , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[47]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[48]  Robert H. Deng,et al.  CrowdBC: A Blockchain-Based Decentralized Framework for Crowdsourcing , 2019, IEEE Transactions on Parallel and Distributed Systems.

[49]  Chenglin Miao,et al.  Towards Differentially Private Truth Discovery for Crowd Sensing Systems , 2018, 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS).

[50]  Cong Wang,et al.  Privacy-Aware and Efficient Mobile Crowdsensing with Truth Discovery , 2020, IEEE Transactions on Dependable and Secure Computing.