Security analysis of mobile crowd sensing applications

Abstract: The proliferation of mobile phones with integrated sensors makes large-scale sensing possible at low cost. During mobile sensing, the data mostly contain sensitive information about users, such as their real-time location. When such information is not effectively secured, users’ privacy can be violated through eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to a user's location information during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from the Google Play Store, and the results showed a 100% success rate in traffic interception and disclosure of sensitive user information. As a countermeasure, a security scheme that ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors is ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android-based sensor data against eavesdropping, information disclosure and data modification.
