Achieving Trust-Based and Privacy-Preserving Customer Selection in Ubiquitous Computing
Chuan Zhang, Liehuang Zhu, Chang Xu, Kashif Sharif, Ximeng Liu,, Xiaojiang Du, Mohsen Guizani

TL;DR
This paper introduces TPCS, a trust-based, privacy-preserving customer selection scheme for ubiquitous computing that ensures reliable task assignment while protecting data processors' identities using cryptographic techniques.
Contribution
The paper proposes a novel trust-based customer selection scheme that integrates privacy preservation and security features for ubiquitous computing environments.
Findings
TPCS effectively identifies trustworthy customers with high accuracy.
The scheme maintains privacy of data processors through cryptographic methods.
Security analysis confirms robustness against various attacks.
Abstract
The recent proliferation of smart devices has given rise to ubiquitous computing, an emerging computing paradigm which allows anytime & anywhere computing possible. In such a ubiquitous computing environment, customers release different computing or sensing tasks, and people, also known as data processors, participate in these tasks and get paid for providing their idle computing and communication resources. Thus, how to select an appropriate and reliable customer while not disclosing processors' privacy has become an interesting problem. In this article, we present a trust-based and privacy-preserving customer selection scheme in ubiquitous computing, called TPCS, to enable potential processors select the customers with good reputation. The basic concept of TPCS is that each data processor holds a trust value, and the reputation score of the customer is calculated based on processors'…
| Notation | Definition | Value |
|---|---|---|
| security parameter | ||
| Generator of Bilinear Pairing | ||
| Generator of Paillier cryptosystem | ||
| number of customers | ||
| number of processors | ||
| malicious processor proportion | ||
| initial trust value | ||
| reward sensitivity | 0.1 | |
| forgetting factor | 0.85 | |
| impact factor parameter | ||
| number of iterations | 10 | |
| threshold which triggers set update | 0.5 | |
| threshold which triggers reward | 0.2 | |
| threshold which triggers circuit-breaker |
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Privacy-Preserving Technologies in Data · Privacy, Security, and Data Protection
Achieving Trust-Based and Privacy-Preserving Customer Selection in Ubiquitous Computing
Chuan Zhang
Liehuang Zhu
Chang Xu
Kashif Sharif
Ximeng Liu
Xiaojiang Du
Mohsen Guizani
Beijing Engineering Research Center of Massive Language Information Processing and Cloud Computing Application, School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China.
School of Information Systems, Singapore Management University and College of Mathematics and Computer Science, Fuzhou University.
Department of Computer and Information Sciences, Temple University, Philadelphia, USA.
Department of Electrical and Computer Engineering, University of Idaho, Moscow, Idaho, USA.
Abstract
The recent proliferation of smart devices has given rise to ubiquitous computing, an emerging computing paradigm which allows anytime & anywhere computing possible. In such a ubiquitous computing environment, customers release different computing or sensing tasks, and people, also known as data processors, participate in these tasks and get paid for providing their idle computing and communication resources. Thus, how to select an appropriate and reliable customer while not disclosing processors’ privacy has become an interesting problem. In this article, we present a trust-based and privacy-preserving customer selection scheme in ubiquitous computing, called TPCS, to enable potential processors select the customers with good reputation. The basic concept of TPCS is that each data processor holds a trust value, and the reputation score of the customer is calculated based on processors’ trust values and feedbacks via a truth discovery process. To preserve processors’ privacy, pseudonyms and Paillier cryptosystem are applied to conceal each processor’s real identity. In addition, three authentication protocols are designed to ensure that only the valid data processors (i.e., the processors registering in the system, holding the truthful trust values, and joining the computing tasks) can pass the authentication. A comprehensive security analysis is conducted to prove that our proposed TPCS scheme is secure and can defend against several sophisticated attacks. Moreover, extensive simulations are conducted to demonstrate the correctness and effectiveness of the proposed scheme.
keywords:
Ubiquitous computing, trust, privacy-preserving, selection
††journal: Information Sciences
1 Introduction
Nowadays, the fast development of smart devices (e.g., vehicles [45, 47], implantable medical devices [12, 13], wearable devices [19]) embedded with increasingly powerful computational and communication resources, has given rise to ubiquitous computing, a revolutionary computing paradigm which integrates surrounding devices to provide numerous novel services at anytime, anywhere, and by any means [25]. In ubiquitous computing, all objects (e.g., smart devices, human bodies, wireless sensors) can be considered as computers or data processors. These objects, besides serving themselves, can also participate in different computing tasks released by the resource-constrained customers (e.g., individual users, companies, organizations), and get paid by providing their idle resources. By doing so, ubiquitous computing is able to greatly make use of surrounding idle resources and drastically change the ways we live and obtain services.
Although many benefits can be gained by ubiquitous computing, some new challenges arise. Since the processors will run automatically under the control of the customers, the reliability of customers is particularly important. Some customers may unintentionally or intentionally abuse processors’ resources, give unexpected reward, or even put processors in dangerous situations. For instance, by utilizing the computing capacities of surrounding vehicles, traffic problems such as route navigation or environmental monitoring can be resolved. However, some malicious customers may give rewards which do not match processors’ workloads, or collect vehicles’ private information such as location and driving habits. Thus, it is essential to identify such customers before joining a ubiquitous computing task. Normally, the performances of customers can be judged by processors’ feedbacks [14, 15]. However, the problem here is that the feedbacks given by different processors may vary significantly due to different working loads, incomplete views of observations, or even malicious evaluations. When aggregating these feedbacks, traditional methods such as voting or averaging, which treat all processors equally are not suitable.
An ideal approach to resolve the above challenge is to involve trust values for all processors and make the aggregated reputation scores closed to the feedbacks provided by reliable processors. Nevertheless, another critical issue which must be addressed is the privacy of processors. Although pseudonymous [39] and anonymous authentication [16, 41] can be used to conceal processor’s identity information, processors’ location and trajectory privacy may still be disclosed by linking their trust values. To illustrate, we consider a scenario in Fig. 1. At time , two processors (i.e., the cell phone and the vehicle) join a task, and at time and , they join different tasks respectively. Although their pseudonyms have been changed, their trust values (i.e., and ) remain unchanged in a certain period of time. By linking their trust values, the trajectories of the processors can be easily reconstructed. Hence, it is important to design a trust-based customers selection scheme which does not sacrifice processors’ privacy.
In order to address the above challenges, we present a trust-based and privacy-preserving customer selection scheme, called TPCS, to rank the customers according to processors’ feedbacks while not disclosing their privacy. The general process of TPCS can be described as follows. After finishing a ubiquitous task, processors deliver their feedbacks and encrypted trust values to the roadside units (RSUs), which will collaborate with the Service Provider (SP) to calculate the customer’s reputation score using a truth discovery method. During the whole process, processors’ privacy will not be disclosed to any other parties. Below, we have summarized the major contributions of this work.
First, we design a filtering truth discovery based evaluation algorithm to process the feedback information received from processors. By this algorithm, the proposed scheme can effectively estimate the performances of customers and processors. This allows optimal selection of customer in a ubiquitous computing environment.
- 2.
Second, we use pseudonyms and Paillier cryptosystem to protect data processors’ privacy. Moreover, three authentication protocols are designed to ensure that only the legitimate processors can pass the authentication. To the best of our knowledge, our work is the first attempt to resolve the security and privacy issues in customers selection in the ubiquitous computing environment.
- 3.
Third, we conduct a comprehensive security analysis to demonstrate that the scheme presented is not only secure, but can also defend against different sophisticated attacks. Additionally, extensive simulations are performed to validate the correctness & effectiveness of TPCS.
The rest of paper has been organized into 8 sections, where system and threat model along with design goals have been discussed in section 2, followed by preliminary discussion in Section 3. The TPCS scheme functionality is explained in section 5, and its security analysis & evaluation are presented in section 6. Related works and conclusion are detailed in sections 7 and 8 respectively.
2 Models and Design Goal
In order to better present the proposed scheme, we first describe the system model, and give details of the threat model. Based on these, we develop the design goals of our proposed scheme.
2.1 System Model
The overall model considers a typical scenario of ubiquitous computing. The RSUs are widely deployed in a given area, and all customers and processors can communicate with RSUs through their communication resources. Particularly, the system consists of a trust authority (TA), RSUs, a service provider (SP), customers, and processors, as shown in Fig. 2.
Trust Authority (TA): This entity is in charge of all participating parties, and also maintains a database to store processors’ trust values. We assume that it is fully capable of storing and performing computation on data generated by other entities. After receiving processors’ trust values, it can predict their future behaviors based on historical data.
- 2.
Service Provider (SP): SP connects all RSUs and stores feedbacks and trust values sent from these roadside units. Upon receiving the data, SP executes a truth discovery based evaluation algorithm to calculate the reputation scores for customers. Similarly, for the query of a potential processor for the task join request, SP can respond it by recommending the customers with high reputation scores.
- 3.
Roadside Units (RSUs): RSUs are subordinates of SP. They are widely deployed and can cover a wide area. They collect processors’ feedbacks and trust values, and then forward them to SP. In particular, they have limited computation capacities, which ensures that they can authenticate processors’ identities and perform aggregation operations.
- 4.
customers: customers can be companies, individual processors, vehicles, and organizations. They have insufficient computation and communication capabilities to perform the tasks by themselves, so they give benefits to hire processors to help them finish their tasks.
- 5.
Processors: Each processor is embedded with computation and communication units which enable them automatically perform the sensing, computation, and communication tasks received from the customers. After finishing the tasks, each of them will upload its feedback to the nearby RSU for customer evaluation. Besides, the processors update their trust values from TA at regular intervals.
2.2 Threat Model
TA is fully trusted because it generates the public and private keys for all roles. We assume TA is under strong physical protection and cannot be compromised. SP and RSUs are both considered to be honest but curious. In other words, they will honestly perform the given tasks but try to infer processors’ location and trajectory privacy by linking their identities or trust values. Note that, SP and RSU will not collude with each other. This is a common assumption in existing fog-based applications [24, 40, 42]. The customers are supposed to control the whole ubiquitous computing task. However, their performances may vary differently. For any customer, its performance may change constantly in different tasks. As for the processors, they are required to submit their feedbacks and trust values after each task. However, some selfish or malicious processors may provide untruthful feedbacks, or some attackers outside the tasks may give fake feedbacks for their own benefits or with the intention of disrupting the entire system. For example, a healthcare center may hire some processors (e.g., patients’ wearable devices, surrounding vehicles or smartphones) to help it in providing medical care services. However, a competitor, which may be another healthcare center, may maliciously provide negative comments, hoping that the processors would not join the tasks released by this center.
2.3 Design Goals
Using earlier described system model, the goal is to build a trust-based and privacy-preserving customer selection scheme in ubiquitous computing. In particular, the following objectives should be captured.
Privacy: The proposed scheme should preserve processors’ privacy. That is, other parties cannot infer processors’ location and trajectory information based on the given data.
- 2.
Security: The proposed scheme should defend against different sophisticated attacks, such as badmouth attack and on-off attack. In addition, some processors may provide fake trust values and feedbacks. The proposed scheme must be resilient to these attacks.
- 3.
Accuracy: The proposed scheme should accurately calculate the reputation scores of the customers according to processors’ feedbacks. Besides, the scheme should identify malicious and honest processors, and further give prediction of their future trust values.
3 Preliminaries
Bilinear pairing and Paillier cryptosystem are two foundation elements in the proposed scheme. Hence, we introduce them in this section.
3.1 Bilinear Pairing
Let and be two multiplicative cyclic groups of the same large prime order . Then, the following three properties can be satisfied by a bilinear map .
Bilinear: , for all and .
- 2.
Non-degenerated: , for any .
- 3.
Computable: can be efficiently computed for all .
We refer to [1, 6, 38] to provide a more comprehensive description and definition for this technique.
Definition 1
A bilinear parameter generator is a probabilistic algorithm which takes a security number as input, and outputs a 5-tuple , where is a large prime with bits, are two multiplicative groups with the same order , is a generator, and is an efficiently computable bilinear group with the property of non-degeneracy.
Definition 2** (Computational Diffie-Hellman (CDH) Problem)**
Given the elements , there exists no probabilistic and polynomial time algorithm to calculate with non-negligible probability of success.
3.2 Paillier Cryptosystem
This cryptosystem is a form of encryption which supports multiplication operations on the ciphertexts. Due to the homomorphic properties, it has been widely used in various privacy-preserving applications [32]. Fundamentally, it consists of the following three algorithms:
Key Generation: Given a large security parameter , and two large primes , where . Then, and are computed, where is a function to compute the least common multiple of and . Define a function , is calculated as , where is randomly chosen. Then, the public key and secret key are generated as and respectively.
- 2.
Encryption: Given a message , the ciphertext is calculated as , where is randomly chosen.
- 3.
Decryption: Given a ciphertext , the ciphertext can be decrypted as . The correctness and security of the Paillier cryptosystem has been proven in [29].
In particular, the Paillier cryptosystem satisfies the following homomorphic properties:
For any , .
- 2.
For any , .
4 TPCS Scheme
The proposed trust-based and privacy preserving customer selection scheme includes system initialization, system overview, report generation, report aggregation, feedback evaluation, and trust value evaluation.
4.1 System Initialization
Given security parameters and , TA first generates a 5-tuple by executing , and generates the public key and private key of the Paillier cryptosystem. Then, TA selects two secure cryptographic hash functions and , where and . Before joining the system, all customers, processors, and RSUs are required to register themselves with TA. Specifically, TA selects a secure symmetric encryption algorithm by choosing a symmetric key . For every registered customer or processor with its real identity , TA creates a group of pseudonyms , and generates the public and private key pairs as for , where is a random value and . Then, TA selects a secure number to encrypt each processor’s trust value as , where is the current update time and , and then generates the corresponding trust signature as . Note that the trust signature is used to verify if the trust value is fresh. For every registered RSU, TA selects a random element as secret, and calculates the public key as . Finally, TA sends the parameter to each customer or processor, to each RSU, and to SP.
4.2 Scheme Overview
When a processor joins a task, it first creates a handshake proof with the customer to prove that it has joined this task. After finishing the task, both processor and customer are required to generate their own task reports and deliver them to RSU. Then RSU verifies the processor’s validity, i.e., to verify the processor’s task report, handshake proof, and trust value. It then uses processors’ trust values and feedbacks to calculate the customer’s reputation score. Following this, the RSU delivers the reputation score and feedbacks to SP, which will be then used to evaluate the customers’ performances. Finally, SP sends processors’ trust values to TA, and TA will predict their future performances based on the historical data. This complete process is shown in Fig. 3.
4.3 Report Generation
When a processor with finishes a task organized by a customer , it is required to send a task report to the nearby RSU, which is denoted as . Specifically, generates the report, including the customer , task , feedback , and a handshake proof with . The handshake proof is used to prove that whether actually joined the ’s task. This proof is generated as follows.
The customer generates its Paillier Cryptosystem’s public key and the secret key . Then, it broadcasts a random value and its public key to all processors.
- 2.
The processor selects and uses the customer’s homomorphic encryption ( and ) to calculate , which is the ciphertext of . Then, the processor delivers the ciphertext to the customer.
- 3.
After receiving the ciphertext, the customer recovers and calculates the proof as . Accordingly, the processor calculates its proof as .
Then, to prevent the RSU or other attackers linking ’s trust value, selects a random vale to perturb the trust ciphertext as 111In this paper, is not public to the processors, and processors can only use the public key to perturb the ciphertexts.. Accordingly, the trust signature is also recalculated as . After that, uses to generate a signature as , where is the feedback report, and is the trust report. Finally, submits the report to RSU when it finishes the task. Accordingly, uploads its report , where is the total number of processors in the task and .
4.4 Report Aggregation
Upon receiving the reports, RSU first verifies the processor’s signature , i.e., to check whether . If it does hold, the signature is valid and RSU will accept ’s report, since . To improve verification efficiency with less overhead, RSU can perform batch verification as:
[TABLE]
By this way, the verification can be completed by executing only rather than pairing operations.
After the validity checking, RSU will verify ’s handshake proof, i.e., , to check whether it has joined the task. Specifically, RSU verifies . If it holds, the proof is verified, since . Similarly, RSU can also perform batch verification, that is, to check if . The proof is given as follows.
[TABLE]
Besides the above operations, it is also important to check if the trust value, i.e., , is truthful and fresh, as some malicious processors may change their trust values. To achieve this goal, RSU first checks the time stamp , and then checks the trust signature . Specifically, RSU checks if equals to , as . Similarly, RSU can perform batch verification to check . The proof is given as follows.
[TABLE]
RSU performs the following steps to generate the aggregated report.
Step 1. Compute the aggregated weighted data according to as
[TABLE]
[TABLE]
- 2.
Step 2: Use the private key to generate a signature as
[TABLE]
- 3.
Step 3: Deliver the integrated report to SP.
4.5 Reputation Score Evaluation
After receiving the report , SP first validates the report by checking if equals to . Then TA decrypts by using the secret key , and calculates the reputation score as follows.
[TABLE]
Note that, is calculated based on processors’ previous trust values. To evaluate the qualities of processors’ feedbacks in the task , we design a filtering truth discovery based evaluation algorithm. The basic idea is to assign a higher weight to a processor if its data is closer to the reputation score, and the data provided by a processor with higher weight will be more likely to be considered as the truthful reputation score [21, 22, 26, 27, 42]. More specifically, represents the set of processors which belongs to the task , and is updated in each iteration since some processors may be removed. The filtering truth discovery based algorithm is achieved by the following steps.
Data filtering: For a processor , SP calculates the difference between each processor’s feedback and the reputation score, and then removes the processors whose difference is less than a threshold, i.e.,
[TABLE]
where denotes ’s reputation score in the -th iteration.
- 2.
Weight update: SP calculates the difference between each processor’s feedback and the customer’s reputation score, and then updates each processor’s weight based on the aggregated differences. Without loss of generality, we adopt a logarithmic weight function, which has been widely used in truth discovery based applications [26, 42].
[TABLE]
where is a distance function calculated as .
- 3.
Reputation score update: Based on the processors’ weights, the reputation score for the customer can be estimated as
[TABLE]
The above procedures will be iteratively conducted until the change of the reputation score between two consecutive iterations is less than a predefined threshold. Then, SP publishes the customer’s reputation score. The general procedure of the filtering truth discovery based evaluation algorithm is shown in Algorithm 1.
4.6 Trust Value Evaluation
Based on the reputation score, SP can also obtain processors’ new trust values. Motivated by [15], we define a function to measure the qualities of processors’ trust values.
[TABLE]
where is the number of iterations. It is obvious that if there are more malicious processors, will be larger and it will be more difficult to obtain the accurate reputation score. Thus, can be used as a reward for the processors whose feedbacks contribute to the accurate reputation score calculation. Besides, we define another factor to control the reward sensitivity. If the difference between a processor’s feedback and the reputation score is more than a threshold , then the feedback does not make any positive effect on the reputation score and hence the processor will not obtain the reward. Then, SP delivers processors’ trust values to TA.
On receiving the trust values, TA first uses the symmetric key to retrieve processors’ real identities, and then predicts processors’ future trust values according to their historical behaviors. Here, we use the exponential weighted moving average (EMWA) technique to estimate processors’ future behaviors, as it gives more consideration of processors’ most recent performances [33, 34].
[TABLE]
where is an impact factor, and and are the past, current and future trust values respectively .
Note that, some processors may behave well at the beginning to improve their trust values, and behave badly when these values are high enough. To counter the effect of this attack, we further design a trust value circuit-breaker mechanism as:
[TABLE]
From this equation, we can see if the decrease between two consecutive trust values is larger than a predefined threshold, the trust value will be set as the initialized value . Moreover, to punish the on-off attacker, once the circuit-breaker is triggered, the predicted trust value will be decreased as , where is a forgetting factor. In this way, the attacker will take more time to bring its trust value to the previous level.
5 Security Analysis
Before presenting the evaluation, we first discuss the security analysis of our proposed TPCS scheme. In particular, according to the security model discussed earlier, we first focus on how TPCS scheme can achieve processor’s report privacy preservation, authentication and data integrity, and then we discuss some attack strategies and give the resilience analysis against them.
5.1 Security analysis for processor’s report
The processor’s report is privacy-preserving. In this proposed scheme, processor’s trust information is encrypted as a valid Paillier ciphertext if we consider the trust values and as the message , and the random values , , and as . As the Paillier Cryptosystem can defend from the chosen plaintext attack, the trust value achieves semantic security and privacy preservation. Hence, although an adversary may eavesdrop the ciphertext , it cannot identify the original data. After collecting processors’ reports, RSU will compute and to aggregate all reports. However, the RSU or an adversary cannot get each individual’s trust value without the secret key. Finally, SP can recover and as and . Nevertheless, since the decrypted data is aggregated results, it cannot get each individual processor’s trust value . Therefore, the processor’s report is privacy-preserving.
The processor’s report achieves authentication and data integrity. The processor’s report is signed using the BLS short signature [7]. As the BLS signature has been proven to be secure under the CDH problem [5], any malicious behaviors of an adversary can be detected, and accordingly our proposed scheme can guarantee the report’s authentication and data integrity.
5.2 Resilience analysis against attacks launched by adversaries
Resilience to link attack: From TPCS scheme’s perspective, link attack means that an attacker may link a certain to its identity or trust value. To prevent the identity link attack, can change its pseudonym when it joins different tasks, which will make them unlinkable. However, given that the trust value remains unchanged for some time, it may still be linked according to its trust value. In our proposed scheme, does not submit its original trust values directly to the RSU. Instead, the trust value is encrypted, and changes the ciphertext by multiplying a random value when it takes part in a different task (i.e., ). Besides, although SP owns the secret key , it still cannot trace any individual processor as the encrypted trust values have been aggregated in RSU before uploading to SP.
Resilience to fake trust value attack: In this scheme, the trust value is encrypted and hence the processor has no method to know its real trust level. However, some malicious processor may provide a fake trust value by colluding with other processors or using its previous data. In such a case, our scheme is still effective as we use time stamp to generate the trust ciphertext and trust signature, i.e., ( ). Specifically, for the first collusion attack ( is in collusion with for example), submits its falsified trust report as , . Since , this malicious manipulation will be identified by RSU. For the second reply attack, submits its previous trust report , . Also, it still cannot pass the authentication, as .
Resilience to badmouth attack: From TPCS scheme’s perspective, a badmouth attack means that the attackers may always provide low feedbacks for customers. Specifically, the badmouth attackers can be categorized into internal and external attackers. For the external badmouth attackers, we design report authentication and handshake protocols to ensure that only the valid processors which register with the system and join the task can pass the authentication. For the internal badmouth attackers, the proposed scheme incorporates a filtering truth discovery based reputation evaluation algorithm to distinguish among truths which deviate from ground truth.
Resilience to on-off attack: In the proposed scheme, an on-off attack means that some malicious processors may perform well to hide themselves before launching attacks. When they attain high trust values, they launch attacks and then remain dormant for a certain time period to regain their trust. This attack is hard to defend against using the traditional methods. In our scheme, we design a circuit-breaker mechanism to handle this problem, which is motivated by a common human nature that people make great efforts to build up trust values and some bad behaviors will destroy them. Specifically, we define a , and once the decrease of two consecutive trust values is larger than the predefined threshold, the circuit-breaker will be triggered. Besides, to punish the on-off attacker, its trust value will be decreased by multiplying a forgetting factor in a long time. That is, the attacker will take a long time to build up its trust value to the previous level. Thus, our proposed scheme mitigates the on-off attack.
6 Performance Evaluation
Here, we evaluate the performance of TPCS scheme in terms of efficiency and effectiveness in task selection. The proposed scheme is implemented in Java, and all experiments are conducted on a system with Intel Core i7 2.5 GHz processor and 16GB RAM. The detailed parameter setting is shown in Table 1.
6.1 Efficiency Analysis
In this experiment, the aim is to evaluate the efficiency of TPCS scheme in terms of authentication and ciphertexts aggregation. Every experiment is executed 10 times and the average result is used for analysis. Note that, in the proposed scheme, three authentication protocols (i.e., report authentication, handshake authentication, trust authentication) are designed for processors’ verification. Fig. 4 illustrates the computational cost of the authentication varying against the number of processors. As can be seen, since we use batch verification in each authentication, the verification is finished with fewer pairing operations, and accordingly the running time is much less as compared to no batch verification. In Fig. 5, we plot the running time of ciphertexts aggregation. From this figure, we can observe that as the number of processors increases, our scheme can efficiently perform the ciphertexts aggregation. This is evident from the fact that only 317 ms is required to execute the ciphertext aggregation for 500 processors.
6.2 Effectiveness Analysis
In order to analyze the correctness of the system, we vary the percentage of malicious processors. The malicious processors will provide untruthful feedbacks, that is, their feedbacks are much higher or lower than the truthful evaluation. All processors are initialized with the same trust value . After the execution of our proposed truth discovery based evaluation algorithm, we observe the value change of the customer and processors.
Fig. 6 plots the reputation score of the customer where the percentage of malicious processors is set as 10 and 25 percent respectively, i.e., and . As can be seen, the reputation score tends to be stable after the fourth round. When the number of malicious processors accounts for 10% of the total number of processors, the reputation score is equivalent to 0.787. When there are more malicious feedbacks, the reputation score witnesses a downward trend, while is still in a reasonable range. Fig. 7 presents the trust value of a single malicious processor and a single honest processor where and . It is obvious that the malicious processor gets the lower trust value after the experiments, which demonstrates the correctness of TPCS scheme.
We also analyze the effectiveness of the scheme for resilience to on-off attack. Recall that an on-off attack means that a processor behaves well to accumulate its trust value at the beginning, and give untruthful feedback when its trust value is high enough. To mitigate the effect of this attack, we design a circuit-breaker mechanism and apply the forgetting factor. As shown in Fig. 8, without the forgetting factor (i.e., the black line), the processor performs well in the first five tasks, and its trust value rises up to 0.8165. After launching the badmouth attack, its trust value decreases quickly, which however rises up to 0.8045 after only four more tasks. In contrast, with the forgetting factor (i.e., red line), it triggers the circuit-breaker at the sixth task, and its trust value rises slowly at the later task. That is, the attacker will need more time to bring its trust value to the previous level and hence demonstrates the effectiveness of TPCS scheme.
7 Related work
By taking advantage of the increasingly powerful computation and communication capabilities of smart devices, ubiquitous computing has received considerable attention in recent years [2, 20, 25]. As a special computing paradigm, ubiquitous computing integrates nearby devices and provides tremendous novel services by exploiting their idle computing and communication resources. This enables complex computing possible at anytime, anywhere, and by different means. Recently, many ubiquitous computing based applications have been studied and proposed, such as data mining [43], human activity recognition [23], disease support [28], and ambient intelligence [3]. However, the selection of a reliable customer while not disclosing processors’ privacy is still an unsolved problem.
To the best of our knowledge, none of the existing schemes have solved this problem. Generally, to find a reliable customer and help processors avoid selecting the misbehaving customers, a potential approach is to evaluate the trustworthiness of the customers and processors. Recently, many trust models have been proposed in VANET [8],[15],[18],[30],[31],[48]. Specifically, in [30], Patwardhan et al. proposed a context-aware reputation management approach for vehicular ad hoc networks, which provides a bootstrapping method to enable vehicles to establish trust relationships. Nevertheless, since it lacks of robustness and scalability, their proposed model cannot be directly used in the task. Raya et al. [31] presented a data-oriented trust establishment scheme. However, their framework is not efficient in handling the large amount of feedback data in a task scenario. Zhu et al. [48] described a trust management scheme for vehicular crowdsensing applications. Hu et al. [15] presented a reliable and trust-based task service selection scheme. By building a trust-based evaluation model, their scheme can defend against several sophisticated attacks in VANET. However, their scheme ignores the outside attackers and cannot be executed with an untrusted service provider. Javed [18] presented a security adaptation scheme to improve the quality of service (QoS) of safety applications. In their scheme, several factors such as connectivity duration, near s’ centrality metrics, and security level are combined to calculate the trust level. However, their work focuses on the QoS in Vehicular Sensor Networks (VSNs) and it is not suitable in the applications of ubiquitous computing. Zhu et al. [46] used blockchain to realize controllable and trustworthy data management in cloud environment. As for the security and trust in ubiquitous computing, some works have been proposed recently. In [37], Xing et al. defined individuals’ contexts to be private information and based on this they proposed a context aggregation and sharing scheme which could achieve trust and privacy preservation. In [17], an adaptive trust and selection scheme is proposed to realize access control for pervasive environment. In [4], Akram te al. summarized the literature related to security, privacy, and trust issues in user-centric solutions. However, to our best knowledge, none of the existing works have focused on how to select reliable customers for the data processors, which inspires to design a trust-based and privacy-preserving customer selection scheme for ubiquitous computing. Besides the above works, we also study the potential security and privacy issues in internet of things and sensor networks [9, 10, 11, 36, 44, 35], as the core of ubiquitous computing is to take advantage of various computing devices.
8 Conclusion
In this article we proposed a trust-based and privacy-preserving customer selection scheme for processors before they join a ubiquitous computing task. Considering the uncertainty of processors’ behaviors, we design a filtering truth discovery based evaluation mechanism to calculate the customers’ reputation scores and processors’ trust values. In addition, three authentication protocols are designed to ensure that only the valid processors can pass the authentication. Security analysis and simulation results establish the security and effectiveness of the proposed scheme. Using similar approach, we aim to address other trust and privacy challenges in different ubiquitous computing based application scenarios.
References
- Abdalla et al. [2001]
Abdalla, M., Bellare, M., Rogaway, P., 2001.
The oracle diffie-hellman assumptions and an analysis of DHIES, in: Proc. of RSA Conf. on Topics in Cryptology, pp. 143–158.
- Abowd and Mynatt [2000]
Abowd, G.D., Mynatt, E.D., 2000.
Charting past, present, and future research in ubiquitous computing.
ACM Trans. Comput.-Hum. Interact. 7, 29–58.
- Acampora and Loia [2008]
Acampora, G., Loia, V., 2008.
A proposal of ubiquitous fuzzy computing for ambient intelligence.
Information Sciences 178, 631–646.
- Akram et al. [2018]
Akram, R.N., Chen, H., López, J., Sauveron, D., Yang, L.T., 2018.
Security, privacy and trust of user-centric solutions.
Future Generation Comp. Syst. 80, 417–420.
- Bellare and Rogaway [1993]
Bellare, M., Rogaway, P., 1993.
Random oracles are practical: A paradigm for designing efficient protocols, in: Proc. of ACM Conference on Computer and Communications Security, pp. 62–73.
- Boneh and Franklin [2001]
Boneh, D., Franklin, M.K., 2001.
Identity-based encryption from the weil pairing, in: Proceedings of Intl. Conf. on Advances in Cryptology, pp. 213–229.
- Boneh et al. [2004]
Boneh, D., Lynn, B., Shacham, H., 2004.
Short signatures from the weil pairing.
J. Cryptology 17, 297–319.
- Chen et al. [2010]
Chen, C., Zhang, J., Cohen, R., Ho, P.H., 2010.
A trust modeling framework for message propagation and evaluation in vanets, in: Proc. of Int. Conf. on Information Technology Convergence and Services, pp. 1–8.
- Du and Chen [2008]
Du, X., Chen, H., 2008.
Security in wireless sensor networks.
IEEE Wireless Commun. 15, 60–66.
- Du et al. [2009]
Du, X., Guizani, M., Xiao, Y., Chen, H., 2009.
Transactions papers a routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks.
IEEE Trans. Wireless Communications 8, 1223–1229.
- Du et al. [2007]
Du, X., Xiao, Y., Guizani, M., Chen, H., 2007.
An effective key management scheme for heterogeneous sensor networks.
Ad Hoc Networks 5, 24–34.
- Hei and Du [2011]
Hei, X., Du, X., 2011.
Biometric-based two-level secure access control for implantable medical devices during emergencies, in: INFOCOM 2011. 30th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 10-15 April 2011, Shanghai, China, pp. 346–350.
- Hei et al. [2010]
Hei, X., Du, X., Wu, J., Hu, F., 2010.
Defending resource depletion attacks on implantable medical devices, in: Proceedings of the Global Communications Conference, 2010. GLOBECOM 2010, 6-10 December 2010, Miami, Florida, USA, pp. 1–5.
- Hu et al. [2017a]
Hu, H., Lu, R., Zhang, Z., 2017a.
TPSQ: trust-based platoon service query via vehicular communications.
Peer-to-Peer Networking and Applications 10, 262–277.
- Hu et al. [2017b]
Hu, H., Lu, R., Zhang, Z., Shao, J., 2017b.
REPLACE: A reliable trust-based platoon service recommendation scheme in VANET.
IEEE Trans. Vehicular Technology 66, 1786–1797.
- Hu et al. [2011]
Hu, W., Xue, K., Hong, P., Wu, C., 2011.
ATCS: A novel anonymous and traceable communication scheme for vehicular ad hoc networks.
I. J. Network Security 13, 71–78.
- Iltaf et al. [2012]
Iltaf, Naima, Ghafoor, Abdul, Hussain, Mukhtar, 2012.
Modeling interaction using trust and recommendation in ubiquitous computing environment.
Eurasip Journal on Wireless Communications & Networking 2012, 1–13.
- Javed et al. [2018]
Javed, M.A., Zeadally, S., Hamid, Z., 2018.
Trust-based security adaptation mechanism for vehicular sensor networks.
Computer Networks 137, 27–36.
- Kim and Lee [2014]
Kim, Y., Lee, S.K., 2014.
Energy-efficient wireless hospital sensor networking for remote patient monitoring.
Information Sciences 282, 332–349.
- Lai et al. [2013]
Lai, Y.X., Lai, C.F., Huang, Y.M., Chao, H.C., 2013.
Multi-appliance recognition system with hybrid svm/gmm classifier in ubiquitous smart home.
Information Sciences 230, 39–55.
- Li et al. [2014]
Li, Q., Li, Y., Gao, J., Zhao, B., Fan, W., Han, J., 2014.
Resolving conflicts in heterogeneous data by truth discovery and source reliability estimation, in: Int. Conf. on Management of Data, pp. 1187–1198.
- Li et al. [2016]
Li, Y., Li, Q., Gao, J., Su, L., Zhao, B., Fan, W., Han, J., 2016.
Conflicts to harmony: A framework for resolving conflicts in heterogeneous data by truth discovery.
IEEE Trans. Knowl. Data Eng. 28, 1986–1999.
- Liu et al. [2016]
Liu, L., Peng, Y., Wang, S., Liu, M., Huang, Z., 2016.
Complex activity recognition using time series pattern dictionary learned from ubiquitous sensors.
Inf. Sci. 340-341, 41–57.
- Lu et al. [2017]
Lu, R., Heung, K., Lashkari, A.H., Ghorbani, A.A., 2017.
A lightweight privacy-preserving data aggregation scheme for fog computing-enhanced iot.
IEEE Access 5, 3302–3312.
- Ma et al. [2006]
Ma, J., Zhao, Q., Chaudhary, V., Cheng, J., Yang, L.T., Huang, R., Jin, Q., 2006.
Ubisafe computing: Vision and challenges (I), in: Autonomic and Trusted Computing, Third International Conference, ATC 2006, Wuhan, China, September 3-6, 2006, Proceedings, pp. 386–397.
- Miao et al. [2015]
Miao, C., Jiang, W., Su, L., Li, Y., Guo, S., Qin, Z., Xiao, H., Gao, J., Ren, K., 2015.
Cloud-enabled privacy-preserving truth discovery in crowd sensing systems, in: Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems, SenSys 2015, Seoul, South Korea, November 1-4, 2015, pp. 183–196.
- Miao et al. [2017]
Miao, C., Su, L., Jiang, W., Li, Y., Tian, M., 2017.
A lightweight privacy-preserving truth discovery framework for mobile crowd sensing systems, in: Proc. of INFOCOM, pp. 1–9.
- Nieto-Reyes et al. [2017]
Nieto-Reyes, A., Duque, R., Montaã±A, J.L., Lage, C., 2017.
Classification of alzheimer’s patients through ubiquitous computing.
Sensors 17, 1679.
- Paillier [1999]
Paillier, P., 1999.
Public-key cryptosystems based on composite degree residuosity classes, in: Advances in Cryptology - EUROCRYPT ’99, International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2-6, 1999, Proceeding, pp. 223–238.
- Patwardhan et al. [2006]
Patwardhan, A., Joshi, A., Finin, T., Yesha, Y., 2006.
A data intensive reputation management scheme for vehicular ad hoc networks, in: Proc. of Int. Conf. on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp. 1–8.
- Raya et al. [2008]
Raya, M., Papadimitratos, P., Gligor, V.D., Hubaux, J., 2008.
On data-centric trust establishment in ephemeral ad hoc networks, in: Proc. of IEEE INFOCOM, pp. 1238–1246.
- Sang et al. [2009]
Sang, Y., Shen, H., Tian, H., 2009.
Privacy-preserving tuple matching in distributed databases.
IEEE Trans. Knowl. Data Eng. 21, 1767–1782.
- Vendramin et al. [2012]
Vendramin, A.C.K., Munaretto, A., Delgado, M.R., Viana, A.C., 2012.
Grant: Inferring best forwarders from complex networks’ dynamics through a greedy ant colony optimization.
Computer Networks 56, 997–1015.
- Xia et al. [2015]
Xia, F., Liu, L., Li, J., Ahmed, A.M., Yang, L.T., Ma, J., 2015.
BEEINFO: interest-based forwarding using artificial bee colony for socially aware networking.
IEEE Trans. Vehicular Technology 64, 1188–1200.
- Xiao et al. [2007a]
Xiao, Y., Du, X., Zhang, J., Hu, F., Guizani, S., 2007a.
Internet protocol television (IPTV): the killer application for the next-generation internet.
IEEE Communications Magazine 45, 126–134.
- Xiao et al. [2007b]
Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M., 2007b.
A survey of key management schemes in wireless sensor networks.
Computer Communications 30, 2314–2341.
- Xing and Julien [2013]
Xing, M., Julien, C., 2013.
Trust-based, privacy-preserving context aggregation and sharing in mobile ubiquitous computing, in: Mobile and Ubiquitous Systems: Computing, Networking, and Services - 10th International Conference, MOBIQUITOUS 2013, Tokyo, Japan, December 2-4, 2013, Revised Selected Papers, pp. 316–329.
- Xu et al. [2017]
Xu, C., Lu, R., Wang, H., Zhu, L., Huang, C., 2017.
TJET: ternary join-exit-tree based dynamic key management for vehicle platooning.
IEEE Access 5, 26973–26989.
- Xu et al. [2018]
Xu, J., Xue, K., Yang, Q., Hong, P., 2018.
PSAP: pseudonym-based secure authentication protocol for NFC applications.
IEEE Trans. Consumer Electronics 64, 83–91.
- Xue et al. [2018]
Xue, K., Hong, J., Ma, Y., Wei, D.S.L., Hong, P., Yu, N., 2018.
Fog-aided verifiable privacy preserving access control for latency-sensitive data sharing in vehicular cloud computing.
IEEE Network 32, 7–13.
- Yang et al. [2019]
Yang, Q., Xue, K., Xu, J., Wang, J., Li, F., Yu, N., 2019.
Anfra: Anonymous and fast roaming authentication for space information network.
IEEE Trans. Information Forensics and Security 14, 486–497.
- Zhang et al. [2019]
Zhang, C., Zhu, L., Xu, C., Sharif, K., Du, X., Guizani, M., 2019.
LPTD: achieving lightweight and privacy-preserving truth discovery in ciot.
Future Generation Comp. Syst. 90, 175–184.
- Zhang et al. [2018]
Zhang, M., Wang, J., Wang, W., 2018.
Heterank: A general similarity measure in heterogeneous information networks by integrating multi-type relationships.
Inf. Sci. 453, 389–407.
- Zhitao Guan and Yu [2019]
Zhitao Guan, Yue Zhang, L.Z.L.W., Yu, S., 2019.
Effect: an efficient flexible privacy-preserving data aggregation scheme with authentication in smart grid.
Science China Information Sciences 62, 1–14.
- Zhu et al. [a]
Zhu, L., Meng, L., Zhang, Z., Zhan, Q., a.
Asap: An anonymous smart-parking and payment scheme in vehicular networks.
IEEE Transactions on Dependable & Secure Computing PP, 1–1.
- Zhu et al. [2019]
Zhu, L., Wu, Y., Gai, K., Choo, K.R., 2019.
Controllable and trustworthy blockchain-based cloud data management.
Future Generation Comp. Syst. 91, 527–535.
- Zhu et al. [b]
Zhu, L., Zhang, C., Xu, C., Du, X., Xu, R., Sharif, K., Guizani, M., b.
PRIF: A privacy-preserving interest-based forwarding scheme for social internet of vehicles.
IEEE Internet of Things Journal 5, 2457–2466.
- Zhu et al. [2018]
Zhu, L., Zhang, C., Xu, C., Sharif, K., 2018.
Rtsense: Providing reliable trust-based crowdsensing services in CVCC.
IEEE Network 32, 20–26.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1Abdalla et al. [2001] Abdalla, M., Bellare, M., Rogaway, P., 2001. The oracle diffie-hellman assumptions and an analysis of DHIES, in: Proc. of RSA Conf. on Topics in Cryptology, pp. 143–158.
- 2Abowd and Mynatt [2000] Abowd, G.D., Mynatt, E.D., 2000. Charting past, present, and future research in ubiquitous computing. ACM Trans. Comput.-Hum. Interact. 7, 29–58.
- 3Acampora and Loia [2008] Acampora, G., Loia, V., 2008. A proposal of ubiquitous fuzzy computing for ambient intelligence. Information Sciences 178, 631–646.
- 4Akram et al. [2018] Akram, R.N., Chen, H., López, J., Sauveron, D., Yang, L.T., 2018. Security, privacy and trust of user-centric solutions. Future Generation Comp. Syst. 80, 417–420.
- 5Bellare and Rogaway [1993] Bellare, M., Rogaway, P., 1993. Random oracles are practical: A paradigm for designing efficient protocols, in: Proc. of ACM Conference on Computer and Communications Security, pp. 62–73.
- 6Boneh and Franklin [2001] Boneh, D., Franklin, M.K., 2001. Identity-based encryption from the weil pairing, in: Proceedings of Intl. Conf. on Advances in Cryptology, pp. 213–229.
- 7Boneh et al. [2004] Boneh, D., Lynn, B., Shacham, H., 2004. Short signatures from the weil pairing. J. Cryptology 17, 297–319.
- 8Chen et al. [2010] Chen, C., Zhang, J., Cohen, R., Ho, P.H., 2010. A trust modeling framework for message propagation and evaluation in vanets, in: Proc. of Int. Conf. on Information Technology Convergence and Services, pp. 1–8.
