A. Contribution

  1. Problem addressed by the paper

A privacy-preserving framework for large-scale applications involving participatory mobile sensing.

  1. Solution proposed in the paper. Why is it better than previous work?

The paper claims to be the first secure implementation of this participatory sensing model. It relies on the Mixmaster protocol to delay and mix mobile nodes' incoming and outgoing messages to make them anonymous (harder to distinguish).

  1. The major results.

Evaluation was done using experiments and through two applications: a Wi-Fi rogue access point detector and a lost-object finder. The evaluation shows that AnonySense’s privacy-aware tasking system can work efficiently, that is, consuming little CPU time, network bandwidth, and battery energy.

B. Basic idea and approach. How does the solution work?

A collection of sensor-equipped mobile nodes (MNs) register as volunteers with the registration authority (RA). The RA also certifies the authenticity of the task service (TS) and report service (RS). Applications (App) submit tasks to the task service; the MNs occasionally download new tasks from the TS using the Internet and any handy wireless access point (AP). The task specifies when the MN should sense information, and under what conditions to submit reports. MNs report sensed data via any AP and through a Mix network (MIX), such that the report eventually arrives at the RS. At its convenience, the App fetches the data from the RS.
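
The delay-and-mix step between the MNs and the RS can be sketched as a simplified threshold pool mix. This is an added example, not code from the paper or from Mixmaster: the class, the parameters, the `mn-N` identifiers and the sample reports are constructed for illustration, and real Mixmaster additionally uses layered encryption and fixed-size messages, which are omitted here.

```python
import random
from dataclasses import dataclass, field


@dataclass
class ThresholdPoolMix:
    """Simplified pool mix (illustrative, not Mixmaster's own algorithm):
    hold reports until enough accumulate, then forward a shuffled batch
    while keeping some back so that rounds overlap."""
    threshold: int = 4   # flush only once this many reports are buffered
    retain: int = 1      # reports held back at each flush
    rng: random.Random = field(default_factory=random.SystemRandom)
    _pool: list = field(default_factory=list)

    def submit(self, sender_id: str, payload: dict) -> list:
        """Accept one report from an MN; return what is forwarded to the RS."""
        # The sender identity is dropped at ingress: only the payload is pooled.
        self._pool.append(dict(payload))
        if len(self._pool) < self.threshold:
            return []                      # delay: nothing leaves the mix yet
        self.rng.shuffle(self._pool)       # mix: break the arrival order
        cut = len(self._pool) - self.retain
        batch, self._pool = self._pool[:cut], self._pool[cut:]
        return batch

    def pending(self) -> int:
        """Number of reports still buffered inside the mix."""
        return len(self._pool)


def run_demo(seed=None):
    """Feed eight constructed reports from five hypothetical MNs through the mix."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    mix = ThresholdPoolMix(threshold=4, retain=1, rng=rng)
    delivered = []                         # one entry per submission
    for i in range(8):
        report = {"task": "rogue-ap-scan", "reading": i}   # constructed sample
        delivered.append(mix.submit(f"mn-{i % 5}", report))
    return delivered, mix.pending()


if __name__ == "__main__":
    batches, left = run_demo()
    for step, batch in enumerate(batches):
        print(step, [r["reading"] for r in batch])
    print("still pooled:", left)
```

With low report volume the threshold is reached slowly, so the same setting that provides mixing also bounds how fresh the data at the RS can be.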


C. Strengths

  1. It has been cited by 256 subsequent papers, which suggests that this is an important pioneering work on the topic.
  2. The authors have continued working on this topic and have published several follow-up papers that improve on this work.

D. Weaknesses

  1. It does not yet consider denial-of-service attacks. Such an attack could be mounted by overloading the server with a huge number of tasks/reports. It could be prevented by limiting the number of reports that a specific mobile node can generate.
  2. It is still possible for an attacker to track a specific mobile node by monitoring RF (radio frequency) characteristics.
  3. It is possible for a cellular provider, or an adversary who can access some cellular provider features, to abuse this system.
  4. It does not handle missing partial data that can be caused by loss of the communication signal during transmission. Will it be removed from the data or be sent again?
  5. It cannot deal with adversaries that physically tamper with the mobile nodes' data.

E. Future work, Open issues, possible improvements

  1. It should be compared to the privacy measures available in Google’s Waze app. Waze invites users to share traffic information and lets other users benefit from that information.
  2. It could be further improved by incorporating differential privacy techniques.