As Crowdsensing Risks Exposing your Private Information, Researchers Work to Hide it with Encryption, Cloaking, and Facial Blurring

By Lori Cameron
Published 01/11/2018
Share this on:

crowd walking down street

You’ve downloaded your favorite navigation app that now gets you to work on time while dodging road debris, traffic jams, and cops.

Welcome to the world of crowdsensing, where smart phone owners volunteer to upload data to platforms like Waze, Moovit, and OpenStreetMap to help other drivers find the fastest routes while avoiding flat tires and traffic tickets.

However, those who share this helpful information might not be aware of just how much personal information they risk exposing—home location, travel route, work location, identity, phone number, and even license plate number.

Crowdsensing developers have long been aware of just how much information they can get from you. Now, researchers in South Korea are studying ways to protect your privacy that encrypt your data, “cloak” your location, and use facial recognition to obscure your face in multimedia data transfers.

What is crowdsensing?

In addition to traffic conditions, people with mobile phones can feed data into a crowdsensing platform to tell you about the weather, dangerous situations, or even air quality for allergy or asthma sufferers.

“Crowdsensing lets individuals with sensing and computing devices gather multimedia data to extract information that collectively forms knowledge. Multimedia crowdsensing (also called participatory sensing or mobile sensing) can be used in a wide variety of applications, including community mapping services; healthcare monitoring; and information retrieval about ambient air quality, the weather, and urban traffic patterns,” write Yan Li of Inha University, Young-Sik Jeong of Dongguk University, Byeong-Seok Shin of Inha, and Jong Hyuk Park of Seoul National University of Science and Technology. They are the authors of “Crowdsensing Multimedia Data: Security and Privacy Issues,” which appears in the October-December 2017 issue of IEEE MultiMedia. (Login may be required for full text.)

architecture of a typical crowdsensing application
The architecture of a typical crowdsensing application. The involved actors are crowdsensing participants, service providers, and users (that is, individuals, groups, or communities using the crowdsensed data).

Besides being useful to private citizens, data from a crowdsensing platform is of interest to researchers, including information about how lifestyle activities affect the health of patients—an application called “human-centric.”

“Ubiquitous healthcare systems that gather and monitor biometric and biomechanical data of an individual are a typical example of human-centric crowdsensing applications. These systems rely on a wireless body area network (WBAN), a wireless network of wearable computing devices (sensors). WBAN is one part of the ubiquitous healthcare system, and it can collect biometric data and send it ubiquitously to cover our daily life. In a WBAN system, the sensors send collected data to the gateway node or coordinator node, which then filters, samples, and aggregates the data. The cleaned data is then sent to the service provider and medical experts,” the authors say.

They might also be interested in finding out how an environment changes over time—an application called “environment-centric.”

workflow of a crowdsensing system
A workflow of a crowdsensing system. Tasks in green are done before sending tasks to participants, tasks in orange are done after receiving the sensing data, and tasks in blue are sharing tasks.

“Environment-centric crowdsensing applications exploit users’ mobile devices (such as the user’s sensor-equipped mobile phone or vehicle) to collect dynamic information about environmental trends or context information. Each mobile node gathers and processes sensor readings locally before delivering them to a central portal, where the data is stored in a database for further analysis and visualization. Examples of such systems include CarTel, GreenGPS, and VTrack,” write the authors.

The Problem

The problem is, while most people are happy to share helpful information with others, they want to remain anonymous while doing it. Likewise, users want reliable information.

Data Reliability

If your device is infected with a virus, it could feed data to a crowdsensing platform that is not accurate.

“The crowdsourcers must ensure that the sensor data provided by volunteers is reliable, although they might acknowledge some inherent uncertainties in crowdsensing. The personal device of a volunteer who takes part in crowdsensing might be inadvertently exposed to malicious code,” say the authors.

Participant Privacy

Different crowdsourcing apps collect various pieces of information, not the least of which is where you are at any time. No one wants the world to know they are not at home, possibly allowing burglars to steal their things. Also, people expect a level of privacy no matter where they are.

“People who participate in crowdsensing have no control over the programs that are responsible for performing various activities in the crowdsourcing stages of collecting, storing, and uploading data. They are not aware of exactly what kind of information is collected from their personal device before it is uploaded to the server. Because the reports uploaded by a participant usually includes the time and location of the sensor reading, they could reveal the participant’s location at a particular time, which could be an invasion of privacy,” the authors write.

Inadvertent Data

Because crowdsensing relies heavily on images, photos might reveal the faces of people who’d rather remain anonymous.

“In crowdsensing, the data is often sensed, collected, and shared automatically without participant intervention and, in some cases, without the participant’s explicit knowledge. For example, a citizen’s face can be included in the sensed image data (photos and videos) in a crowdsensing application that harvests image information from an urban environment. Various techniques that filter or anonymize such sensitive information from the data before it is sent to a third party have been studied to protect privacy,” the authors say.

The Solution

According to the authors, the solution includes encryption, cloaking, and facial blurring while ensuring accurate information.

Enhancing Data Reliability

The authors studied a privacy platform called AnonySense that uses four services to ensure accuracy in crowdsensing.

“AnonySense is a privacy-aware framework for realizing crowdsensing applications. Mobile nodes that take part in crowdsensing are likely to have diverse platforms. A problem in designing a large-scale crowdsensing application is that it assumes that the crowdsourced sensor data coming from a large number of participating mobile devices is reliable and accurate. To guarantee the reliability of crowdsourced sensing tasks performed by voluntary participants, AnonySense employs four system services: Registration Authority, Task Service, Report Service, and Mix Network,” write the authors.

The challenge is developing a system that can deal with multimedia from many different sources.

“A crowdsensing system might need a general encryption method that can accommodate a variety of multimedia data. Current research only focuses on specific data types. Different kinds of multimedia data use different kinds of encryption and decryption methods. Because many crowdsensing services are used for diverse multimedia data in mobile devices, we need to find ways to manage the security issues for the wide variety of multimedia data in a mobile environment,” the authors say.

Protecting Participant Privacy

When people send information to crowdsensing platforms, they are generally unaware of the information they are agreeing to share, not the least of which is their location. The authors studied several different methods of hiding or “cloaking” a person’s location.

evaluation of cloaking processing time
The evaluation of cloaking processing time. When the privacy level is low, the four methods performed similarly. However, when the privacy level is high, CliqueCloak and CacheCloak are a little faster than the peer-to-peer and Casper methods. (The distance is a normalized value between 0 and 100.)

“We set up an experiment that randomly generated 10,000 virtual users moving in a closed one-floor space that was 200 × 200 m. When the virtual users randomly moved in the test space, we used a peer-to-peer method, the Casper method, the CacheCloak method, and CliqueCloak to anonymize the users’ location data and evaluate these methods’ processing time and memory usage. In a crowdsensing environment, the processing time is an important indicator for real-time location-based services. When the privacy level was low, performance for the four methods was similar. However, when the privacy level was high, CliqueCloak and CacheCloak were a little faster than the peer-to-peer and Casper methods,” they concluded.

Performance evaluation of a center-cloaked area attack
Performance evaluation of a center-cloaked area attack. The peer-to-peer method, CliqueCloak, and Casper successfully adjusted the query location away from the cloaking center. (The distance is a normalized value between 0 and 100.)

Protecting Inadvertent Data

Photographs can reveal all kinds of private information, including a person’s face or license plate number. Companies like Google Maps have been sued because their street-view photographs contain the faces of people. In response, they have had to use face-recognition techniques to find and remove faces from those images.

The problem with crowdsensing is that the information is transmitted in real time, requiring the detection and obscuring of faces in real time too.

“Much work has been done for real-time face recognition and face-region replacement for specific images. Face recognition in security areas contains a procedure to extract the human face region from images using several face-detection algorithms. In general, face-recognition techniques can identify the face region using features such as skin color and object symmetry and using anatomical landmarks, such as the eyes, nose, and mouth,” the authors say.

But what about things like license plate numbers?

“Unfortunately, there have been few attempts to devise a method that can process real-time images or videos with small latency as well as be operated on mobile devices with low computing power. Furthermore, research must move beyond the facial region to explore license plates, street signs, and company logos. Deep learning could be useful in this area,” the authors say.

Research related to crowdsensing in the Computer Society Digital Library

Login may be required for full text.



About Lori Cameron

Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites. Contact her at Follow her on LinkedIn.