Research ArticleNoninteractive Lightweight Privacy-Preserving Auditing onImages in Mobile Crowdsourcing Networks
Juan Zhang1 Changsheng Wan 2 Chunyu Zhang3 Xiaojun Guo3 and Yongyong Chen2
1Business School Nanjing University Nanjing 210093 China2School of Cyber Space Southeast University Nanjing 210096 China3School of Information and Engineering Xizang Minzu University Xianyang 712082 China
Correspondence should be addressed to Changsheng Wan wanchangsheng163com
Received 17 April 2020 Revised 6 July 2020 Accepted 10 July 2020 Published 25 July 2020
Academic Editor Clemente Galdi
Copyright copy 2020 Juan Zhang et al (is is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
To determine whether images on the crowdsourcing server meet the mobile userrsquos requirement an auditing protocol is desired tocheck these images However before paying for images the mobile user typically cannot download them for checking Moreoversince mobiles are usually low-power devices and the crowdsourcing server has to handle a large number of mobile users theauditing protocol should be lightweight To address the above security and efficiency issues we propose a novel noninteractivelightweight privacy-preserving auditing protocol on images in mobile crowdsourcing networks called NLPAS Since NLPASallows the mobile user to check images on the crowdsourcing server without downloading them the newly designed protocol canprovide privacy protection for these images At the same time NLPAS uses the binary convolutional neural network for extractingfeatures from images and designs a novel privacy-preserving Hamming distance computation algorithm for determining whetherthese images on the crowdsourcing server meet the mobile userrsquos requirement Since these two techniques are both lightweightNLPAS can audit images on the crowdsourcing server in a privacy-preserving manner while still enjoying high efficiencyExperimental results show that NLPAS is feasible for real-world applications
1 Introduction
Recently mobile crowdsourcing systems have been widelydeployed all over the world which collect and process datathrough widely available mobile devices [1] As discussed in[2] since data typically originate from third parties fal-sified data may be reported to the crowdsourcing server(erefore to ensure data trust it is important to checkwhether the data collected by workers meet the mobileuserrsquos requirement before using it [2] We call this sort ofprotocol the auditing protocol At the same time to avoideconomic loss mobile users may not be allowed todownload images before paying for them (erefore tocheck images before downloading them the auditingprotocol should have the noninteractive feature Moreoveras shown in [2] data uploaded by participants may containtheir private and sensitive information (erefore theauditing protocol should have the privacy-preserving
feature Finally due to limited resources of mobile usersthe auditing protocol should be quite efficient (erefore anoninteractive lightweight privacy-preserving auditingscheme is needed for the mobile user to check imagesbefore downloading them
Regardless of the technology implemented a typicalldquononinteractive lightweight privacy-preserving auditingsystem (NLPAS)rdquo includes three entities the ldquocrowd-sourcing server (CS)rdquo which stores images the ldquomobile user(MU)rdquo who audits images stored on the crowdsourcingserver before downloading them and the worker whocollects images and uploads them to the CS In practicethese entities are involved in two processes (ie theuploading process and the auditing process) During theuploading process the worker collects images and uploadsthem to the CS During the auditing process the MU auditsimages stored on the CS and then determines whether todownload them
HindawiSecurity and Communication NetworksVolume 2020 Article ID 8827364 11 pageshttpsdoiorg10115520208827364
Security has vital significance for NLPAS To avoideconomic loss the CS is not willing to transport images tothe MU before the latter pays for them On the other handthe MU is not willing to pay for images before heshe canmake sure that these images really meet the requirement Tohandle this dilemma it is reasonable to design a privacy-preserving auditing protocol which allows the MU to checkwhether these images meet the requirement before down-loading them Unfortunately the current security protocolsfor crowdsourcing systems (ie [3ndash40]) only consider howthe CS checks images uploaded by workers(is leads to twoissues First to earn more money the CS is not willing tocheck images and provide true information to the MUSecond the requirements of multipleMUsmay vary and theCS may not know them For example one MU may beinterested in the hill in the image while another MUmay beinterested in the lion in the image In this case it is im-possible for the CS to know the requirements of multipleMUs So to make sure the images on the CS meet the re-quirements of the MU it is desired to design a privacy-preserving auditing protocol for mobile crowdsourcingsystems
Efficiency is another serious concern for NLPAS Due tolimited resources of mobile devices the MU is seriouslyconcerned about the high computation cost arising fromrunning the auditing protocol At the same time the CS willhave to handle a lot of auditing requests from multipleMUs and it is seriously concerned about the computationcost too So the newly designed auditing protocol shouldbe lightweight Taking both security and efficiency intoaccount we aim to design a noninteractive privacy-pre-serving lightweight auditing protocol on images in themobile crowdsourcing system which extracts features fromimages and then determines whether these features meetthe MUrsquos requirement An auditing protocol for the mobilecrowdsourcing system should fulfill the followingrequirements
(1) Privacy Preserving When auditing images on the CSthe MU must be ensured that hisher requirement isnot leaked to the CS or a third-party adversaryOtherwise the CS may forge wrong information topass the auditing resulting in economic loss of theMU At the same time the CS must be ensured thatthe features of images are not leaked to the MU or athird-party adversary too Otherwise it will result ineconomic loss of the CS
(2) Content Privacy During auditing the CS should beensured that the MU or a third-party adversarycannot extract content of images from exchangedinformation Otherwise the adversary may stealcontent of images stored on the CS resulting ineconomic loss of the CS
(3) Auditing After the auditing process the MU shouldbe able to determine whether the content in an imagemeets hisher requirement
(4) Computation Cost (e CS and the MU should beensured that their computation costs are low whenrunning auditing algorithms
(5) Accuracy(e CS and theMU should be ensured thatthe accuracy of themodel used for extracting featuresfrom images during auditing is high
Obviously designing an auditing protocol for NLPAS isa nontrivial task as the MU has to determine whether theimages stored on the CS meet the requirement withoutdownloading them Recently security protocols for mobilecrowdsourcing systems have focused on image-checkingtechniques run by the CS However there is no protocolconsidering the image-checking technique established by theMU Moreover when focusing on this topic we notice thatthere is no security scheme which can be directly used forsatisfying all the above requirements We will present thedetailed analysis for arriving at this conclusion in the nextsection (is becomes a more serious issue since more andmore mobile crowdsourcing systems are being deployedMotivated by this observation in this paper we mainly makethree contributions
(1) We present a comprehensive set of requirements forauditing protocols in mobile crowdsourcing systemsand show some security and efficiency problems ofcurrent data checking protocols in mobile crowd-sourcing systems
(2) We propose a novel auditing protocol called NLPASwhich can check whether the images stored on the CSmeet the MUrsquos requirement However different fromcurrent data checking protocols for mobile crowd-sourcing systems NLPAS allows the MU instead of theCS to check images in a privacy-preserving manner Bydoing so the MU can determine whether the imagesmeet the requirement before paying for them At thesame time the CS can make sure that those images willnot be leaked To fulfill all these requirements we willfirst introduce the ldquobinary convolutional neural network(BCNN)rdquo technique [41] to the newly designed auditingprotocol for extracting features of images and then wewill design a novel privacy-preserving Hamming dis-tance computation [42] technique for determiningwhether the images meet the MUrsquos requirements Sincethese two techniques are quite lightweight the com-putation cost of NLPAS can be reduced significantly
(3) We analyze the security of NLPAS showing it sat-isfies requirements (1) (2) and (3) in Section 1 Andwe evaluate the efficiency of NLPAS showing itsatisfies requirements (4) and (5) in Section 1 Weorganize the remainder of this paper as follows Firstwe investigate the related work in Section 2 Secondwe describe the NLPAS protocol in Section 3 fol-lowed by security analysis and efficiency evaluationin Sections 4 and 5 respectively Finally in Section 6we draw our conclusions
2 Security and Communication Networks
2 Related Work
21DataTrust Data trust is an essential security problem inmobile crowdsourcing systems Due to openness workers inmobile crowdsourcing systems may have different securityabilities resulting in low data trust [3] Recently a lot ofpapers have been published focusing on data trust incrowdsourcing systems as illustrated below
211 Voting-Based Data Checking (is sort of scheme takesobserved results with the most observers as the true data[4ndash6] For example in [4] the authors allowed a number ofobservers to report their evaluation results on data and tookthe one as true data if most of the evaluation results werepositive Similarly the authors in [5] aimed to find conflictsof data obtained frommultiple workers which could be seenas a variation of the voting-based data checking scheme
212 Context Information-Based Data Checking (is sortof scheme uses context information such as location in-formation to determine whether the data are true or not Forexample in [7] the authors required workers to uploadlocation information together with data while the CS usedlocation information to determine whether the data weretrue or not Similarly the authors in [8 9] used the workerrsquostrajectory for determining whether the data were true or not
213 Statistics-Based Data Checking (is sort of scheme[10ndash13] uses statistic methods for evaluating whether thedata are true or not For example the authors in [10] usedmaximum likelihood estimation for checking data And theauthors in [11] used maximum a posteriori (MAP) esti-mation for determining whether the data were true or not
214 Gold Data Set-Based Data Checking (is sort ofscheme uses a gold data set for checking data uploaded byworkers [14 15] For example in [15] the authors assignedfully trusted workers with a gold data set for checking datauploaded from other workers
215 Data Redundancy Checking (is sort of scheme aimsto address data redundancy issues [16 17] For example in[16] the authors designed a scheme to find redundancy datafrom multiple workers and used redundancy data for esti-mating missing values
From the above analysis it can be seen that the existingschemes mainly focus on data checking performed by the CSand workers And they mainly consider whether the data arecorrect However existing schemes did not allow the mobileusers to check data before downloading it Moreover existingschemes only focus on the correctness of data and do notconsider whether the data match the MUrsquos requirement sincerequirements from multiple mobile users may vary (is leadsto a serious issue (e mobile user may waste money onnonmatched data(erefore an auditing scheme performed bythe MU before data downloading is desired
22 Data Privacy Data privacy is another importantproblem in mobile crowdsourcing systems First if the datauploaded by workers are leaked the CS and workers maylose money More importantly if the leaked data containprivacy of workers the adversary may cause them harmSecond if the data of mobile users are leaked the adversarymay deduce valuable information about mobile users [3](erefore data privacy is a serious concern in crowd-sourcing systems Papers about data privacy in mobilecrowdsourcing systems are illustrated below
221 Encryption (is sort of scheme aims to encrypt databefore uploading them [18ndash21] For example in [18] ahomomorphic identity-based encryption algorithm wasdesigned for protecting data uploaded by workers
222 Differential Privacy (is sort of scheme adds per-turbation to data [22ndash25] For example in [25] the authorsadded random perturbation to data uploaded by workers
223 Location Privacy (is sort of scheme aims to protectlocation information of workers [26ndash31] For example in[26] the authors used k-anonymity for providing locationprivacy
224 Personal Information Privacy (is sort of schemeaims to protect personal information of workers and mobileusers [32ndash35] For example in [35] the authors definedmultiple privacy level of personal information
Recently several new techniques such as blockchain andfog computing have been introduced to mobile crowd-sourcing networks [36ndash40] For example in [36] the authorsused blockchain for user authorization And in [38] theauthors used fog computing for data aggregation and taskallocation Finally the features of existing schemes are listedin Table 1
From Table 1 it can be seen that the existing schemes canprovide data trust and privacy protection in various waysHowever most schemes only consider one feature eitherdata trust or privacy preserving And no scheme providesboth features Moreover all existing schemes do not supportthe noninteractive feature (is leads to a dilemma on theone hand to provide privacy protection the MU cannot getdata before paying for it on the other hand the MU has tocheck data before paying for it to determine whether thedata meet the requirement
Furthermore for images this dilemma becomes moreserious since the data volume of images is much larger thanthat of traditional texts To handle this dilemma it is desiredto design a noninteractive lightweight privacy-preservingauditing protocol on images in mobile crowdsourcingnetworks which allows the MU to efficiently determinewhether the images meet the requirements without knowinganything about these images
Security and Communication Networks 3
3 NLPAS The Protocol
31 Preliminaries
311 Binary Convolutional Neural Networks A convolu-tional neural network [41] is a kind of neural networkswhose forward propagation operation can be expressed asY f(WotimesX) where Y is the output tensor of the oper-ation f(middot) is a nonlinear function W and X are the weighttensor and the activation tensor generated by the previousneural network layer and otimes is the convolution operation Abinary convolutional neural network is a kind of convolu-tional neural networks whose weights w isinW and activa-tions x isin X are 1 bit instead of the floating point And theforward propagation operation can be expressed as Y
f(WotimesX) f((mBW)otimes nBX) f(mnBW otimesBX) where m
and n are integers and each bW isin BW is computed from thecorresponding w isinW as follows
bW sgn(w) 1 wge 0
minus 1 wlt 01113896 (1)
Similarly each bX isin BX is computed from the corre-sponding x isin X as follows
bX sgn(x) 1 xge 0
minus 1 xlt 01113896 (2)
For bitwise bW and bX the BW otimesBX operation can beefficiently computed using the XNOR-bitcount algorithmdefined in [43]
Moreover since the sgn function is not differentiable duringbackward propagation Bengio et al used the clip functioninstead of sgn as follows clip(middot) max(minus 1 min(1 middot)) [44] Byusing the clip function the binary convolutional neural networkcan use the same gradient descent algorithm as that of tradi-tional neural networks to update parameters during training
312 Hamming Distance (e Hamming distance [42] isdefined below
Given two n-bit binary vectors a
a1 a2 middot middot middot an andb
b1 b2 middot middot middot bn where (ai isin 0 1 i 1 middot middot middot n) and(bi isin 0 1 i 1 middot middot middot n) the Hamming distance of a
and b
is defined as
d(a
b
) 1113944n
i1ai otimes bi( 1113857 (3)
(e above definition shows that the Hamming distanceis the total number of different bits between a
and b In
other words to compute the Hamming distance we need tocount the different bits between a
and b
32 System Model (e main purpose of NLPAS is to de-termine whether the image on the CS meets the requirementof the MU in a privacy-preserving manner
(e main idea of NLPAS can be divided into two partsnamely the feature extracting part and the Hamming dis-tance computation part For the feature extracting part theMU first defines a binary convolutional neural network andtrains it using a data set according to the userrsquos requirement(en the MU extracts a binary vector (a) from a templateimage using this binary convolutional neural network whichis used as the requirement feature Finally the MU sends thetrained binary convolutional neural network to the CS andthe latter extracts a binary vector (b
) from the image to be
audited using this trained network which is used as theauditing feature Since the binary convolutional neuralnetwork is quite lightweight NLPAS can achieve highefficiency
For theHamming distance computation part theMU andthe CS hide the two input vectors (a and b
) in a carrier
number respectively And then all operations for countingdifferent bits between these two vectors are based on five basicmathematical operations namely addition subtractionmultiplication division and modulo operations Since thesefive basic mathematical operations are quite lightweight ourscheme can achieve high efficiency
Based on the feature extracting and Hamming distancecomputation techniques the MU compares the Hammingdistance of a
and bwith a threshold to determine whether
the interested image on the CS meets the requirement(e system model of NLPAS is shown in Figure 1 which
includes three phases as described below And the notationsare listed in Table 2
Table 1 Features of existing schemes
Data trust Privacy preserving Noninteractive[4ndash6] Voting-based data checking [7ndash9] Context information-based data checking [10ndash13] Statistics-based data checking [14 15] Gold data set-based data checking [16 17] Data redundancy checking [18ndash21] Encryption [22ndash25] Differential privacy [26ndash31] Location privacy [32ndash35] Personal information privacy [36] Blockchain-based authorization [37] Blockchain-based data privacy [38] Fog-based data privacy
4 Security and Communication Networks
321 e Initialization Phase During this phase the MUdefines a binary convolutional neural network model(mode) trains it and extracts a binary vector a
from thetemplate image using themode (en the MU generatespublic and private cryptographic parameters for the NLPASsystem (ese cryptographic parameters will be used forhiding vectors and extracting results in the following hiding
phase and extracting phase (e initialization algorithm isdescribed as follows
SKA PKA1113864 1113865⟵Init(n l) (is algorithm is run by theMU for generating system parameters for NLPAS It takes asinput the length of input vectors (ie n) and the securitystrength of NLPAS (ie l-bit) and outputs the set of privateand public cryptographic parameters (ie SKA and PKA)
MU CS
cipher Blarr Injecting B (b cipher A PKA)
cipher Alarr Hiding A (a SKA PKA) Cipher A
Cipher B
The initialization phaseSKA PKA larr Init (n l)
The hiding phase
d (a b)larr Extra (cipher B SKA PKA)
The extracting phase
PKA mode
Figure 1 System model of NLPAS
Table 2 Notations in this paper
Notation Descriptionmode Binary convolutional neural network model trained by the MUSKA Private parameters of the MUPKA Public parameters of NLPASa
a1 middot middot middot ai middot middot middot an Feature vector of the MUb
b1 middot middot middot bi middot middot middot bn Feature vector of the CSn Length of the two binary vectors a
and b
l Security strength of NLPAScipherA C D Ciphertexts generated by the MUC c1 c2 middot middot middot cn1113864 1113865 (e first set of random numbers that a
is hidden inD d1 d2 middot middot middot dn1113864 1113865 (e second set of random numbers that a
is hidden incipherB E F Ciphertexts generated by the CSd(a
b
) Hamming distance of a and b
ei i 1 2 middot middot middot n1113864 1113865 (e first set of random numbers that d(a
b
) is hidden infi i 1 2 middot middot middot n1113864 1113865 (e second set of random numbers that d(a
b
) is hidden inthres (reshold for determining whether the image on the CS meets the MUrsquos requirementw Prime number for counting different bits in a
and b
g Prime number used as a carrierP p1 p2 middot middot middot pn1113864 1113865 (e first set of random numbers for hiding g
Q q1 q2 middot middot middot qn1113864 1113865 (e second set of random numbers for hiding g
S s1 s2 middot middot middot sn1113864 1113865 (e third set of random numbers for hiding g
T t1 t2 middot middot middot tn1113864 1113865 (e fourth set of random numbers for hiding g
V vi pi + qig i 1 2 middot middot middot n1113864 1113865 (e first set of bases for hiding vectorsU ui si + tig i 1 2 middot middot middot n1113864 1113865 (e second set of bases for hiding vectorsJ K Transitional values for extracting the hamming distanceX Y Values that contain the hamming distance
Security and Communication Networks 5
(en the MU sends the public parameter (PKA) and thetrained model (mode) to the CS And the latter extracts abinary vector b
from the interested image stored on it
After the initialization phase the MU holds(SKA PKA a
mode) and the CS holds (PKA b
mode)
322 e Hiding Phase When the MU wants to computethe Hamming distance d(a
b
) where a is known only by the
MU and bis known only by the CS it establishes the hiding
process by running the HidingA algorithm and sending theresults to the CS(eHidingA algorithm is described below
cipherA1113864 1113865⟵HidingA(a
SKA PKA) (is algorithm isrun by the MU for hiding the binary vector a
into a ci-phertext It takes as inputs the MUrsquos binary vector (ie a
)the MUrsquos private parameter (ie SKA) and the MUrsquos publicparameter (ie PKA) and outputs the ciphertext (iecipherA)
Upon receiving the ciphertext (ie cipherA) the CSinjects its vector (ie b
) into cipherA using the InjectingB
algorithm and gets the updated ciphertext cipherB (enthe CS sends cipherB back to the MU and the Hammingdistance of vectors a
and b
is included in cipherB (eInjectingB algorithm is described below
1113864cipherB⟵InjectingB(b
cipherA PKA) (is algo-rithm is run by the CS for injecting the binary vector b
into
cipherA It takes as inputs the CSrsquos binary vector (ie b) the
MUrsquos ciphertext (ie cipherA) and the MUrsquos public pa-rameter (ie PKA) and outputs the updated ciphertext (iecipherB)
After the hiding phase the MU gets cipherB and theHamming distance of a
and bis hidden in cipherB for being
extracted in the following extracting phase
323 e Extracting Phase After receiving the updatedciphertext (ie cipherB) from the CS the MU extracts theHamming distance from cipherB using the Extra algo-rithm which is described below
d(a
b
)⟵Extra(cipherB SKA PKA) (is algorithmis run by the MU for extracting the Hamming distance fromthe updated ciphertext (ie cipherB) It takes as inputs theupdated ciphertext cipherB the MUrsquos private parameter(ie SKA) and the MUrsquos public parameter (ie PKA) andoutputs the Hamming distance of a
and b(ie d(a
b
))After the extracting phase the MU gets the Hamming
distance of a and b
(ie d(a
b
)) (en the MU setsa threshold value thres If d(a
b
)ge thres the interestedimage stored on the CS does not match the MUrsquos re-quirement Otherwise the interested image on the CSmatches the MUrsquos requirement
In the above system model the MUrsquos vector a is hidden
in cipherA using the HidingA algorithm which cannot beknown by the CS At the same time the CSrsquos vector b
is
hidden in cipherB using the InjectingB algorithm whichcannot be known by the MU(erefore NLPAS can achievethe privacy-preserving goal described in Section 1
In the above systemmodel the CSrsquos vector bis hidden in
cipherB using the InjectingB algorithm which cannot beknown by the MU (erefore the MU only knows the
Hamming distance between a and b
and does not know b
and the corresponding interested image (erefore NLPAScan achieve the content privacy goal described in Section 1
33 Construction (e construction of NLPAS is a tuple(Init HidingA InjectingB Extra) of probabilistic polyno-mial time algorithms as shown in Figure 2 and the detailsare defined below
SKA PKA1113864 1113865⟵Init(n l) (e MU runs this algorithmfor generating system parameters for NLPAS as followsFirst the MU generates a l-bit prime number w for countingdifferent bits Second the MU generates a large primenumber g with the length 2l + 2 + log2 n as the carrier ofNLPAS (ird the MU generates four sets of positiverandom numbers for hiding g namely P p1 p2 middot middot middot pn1113864 1113865Q q1 q2 middot middot middot qn1113864 1113865 S s1 s2 middot middot middot sn1113864 1113865 and T t1 t2 middot middot middot 1113864
tn where 1113936ni1 pi lt (w minus n)2 1113936
ni1 si lt (w minus n)2 Fourth
the MU computes two sets of bases for hiding vectors asfollows V vi pi1113864 +qig i 1 2 middot middot middot n and U ui si1113864
+ tig i 1 2 middot middot middot n Finally the MU gets SKA
g P Q S T V U1113864 1113865 and PKA wcipherA1113864 1113865⟵HidingA(a
SKA PKA) (e MU runs
this algorithm for hiding the binary vectora
a1 middot middot middot ai middot middot middot an into a ciphertext as follows (e MUcomputes ci vi + w and di ui for each ai 1 in a
Otherwise ci vi and di ui + w (en the MU getscipherA C c111138641113864 c2 middot middot middot cn D d1 d2 middot middot middot dn1113864 1113865
1113864cipherB⟵InjectingB (b
cipherA PKA) (e CSruns this algorithm for injecting the binary vectorb
b1 middot middot middot bi middot middot middot bn into cipherA as follows First the CScomputes ei ci and fi wdi for each bi 1 in b
Oth-
erwise ei wci and fi di Second the CS computes E
1113936ni1 ei and F 1113936
ni1 fi Finally the CS gets cipherB E F
d(a
b
)⟵Extra(cipherB SKA PKA) (e MU runsthis algorithm for extracting the Hamming distance from theupdated ciphertext (ie cipherB) as follows First the MUcomputes J Emodg and K Fmodg Second the MUcomputes X J minus (Jmod(w2))w2 andY K minus (Kmod(w2))w2 (ird the MU computesd(a
b
) X + YIn the above construction NLPAS uses only a few simple
mathematical operations (ie addition subtraction multi-plication division and modulo operations) instead of time-consuming cryptographic operations such as modular ex-ponentiation (erefore it enjoys high efficiency We willfurther evaluate the efficiency of NLPAS in Section 5
4 Security Analysis
In this section we first show that NLPAS is correct and thenanalyze the security of NLPAS according to the securityrequirements described in Section 1 (ie privacy preservingcontent privacy and auditing)
41 Correctness In the construction in Section 33 we use X
for counting the bits where ai 1 and bi 0 Similarly weuse Y for counting the bits where ai 0 and bi 1
6 Security and Communication Networks
(erefore the Hamming distance of a and b
can be
computed as d(a
b
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
Security has vital significance for NLPAS To avoideconomic loss the CS is not willing to transport images tothe MU before the latter pays for them On the other handthe MU is not willing to pay for images before heshe canmake sure that these images really meet the requirement Tohandle this dilemma it is reasonable to design a privacy-preserving auditing protocol which allows the MU to checkwhether these images meet the requirement before down-loading them Unfortunately the current security protocolsfor crowdsourcing systems (ie [3ndash40]) only consider howthe CS checks images uploaded by workers(is leads to twoissues First to earn more money the CS is not willing tocheck images and provide true information to the MUSecond the requirements of multipleMUsmay vary and theCS may not know them For example one MU may beinterested in the hill in the image while another MUmay beinterested in the lion in the image In this case it is im-possible for the CS to know the requirements of multipleMUs So to make sure the images on the CS meet the re-quirements of the MU it is desired to design a privacy-preserving auditing protocol for mobile crowdsourcingsystems
Efficiency is another serious concern for NLPAS Due tolimited resources of mobile devices the MU is seriouslyconcerned about the high computation cost arising fromrunning the auditing protocol At the same time the CS willhave to handle a lot of auditing requests from multipleMUs and it is seriously concerned about the computationcost too So the newly designed auditing protocol shouldbe lightweight Taking both security and efficiency intoaccount we aim to design a noninteractive privacy-pre-serving lightweight auditing protocol on images in themobile crowdsourcing system which extracts features fromimages and then determines whether these features meetthe MUrsquos requirement An auditing protocol for the mobilecrowdsourcing system should fulfill the followingrequirements
(1) Privacy Preserving When auditing images on the CSthe MU must be ensured that hisher requirement isnot leaked to the CS or a third-party adversaryOtherwise the CS may forge wrong information topass the auditing resulting in economic loss of theMU At the same time the CS must be ensured thatthe features of images are not leaked to the MU or athird-party adversary too Otherwise it will result ineconomic loss of the CS
(2) Content Privacy During auditing the CS should beensured that the MU or a third-party adversarycannot extract content of images from exchangedinformation Otherwise the adversary may stealcontent of images stored on the CS resulting ineconomic loss of the CS
(3) Auditing After the auditing process the MU shouldbe able to determine whether the content in an imagemeets hisher requirement
(4) Computation Cost (e CS and the MU should beensured that their computation costs are low whenrunning auditing algorithms
(5) Accuracy(e CS and theMU should be ensured thatthe accuracy of themodel used for extracting featuresfrom images during auditing is high
Obviously designing an auditing protocol for NLPAS isa nontrivial task as the MU has to determine whether theimages stored on the CS meet the requirement withoutdownloading them Recently security protocols for mobilecrowdsourcing systems have focused on image-checkingtechniques run by the CS However there is no protocolconsidering the image-checking technique established by theMU Moreover when focusing on this topic we notice thatthere is no security scheme which can be directly used forsatisfying all the above requirements We will present thedetailed analysis for arriving at this conclusion in the nextsection (is becomes a more serious issue since more andmore mobile crowdsourcing systems are being deployedMotivated by this observation in this paper we mainly makethree contributions
(1) We present a comprehensive set of requirements forauditing protocols in mobile crowdsourcing systemsand show some security and efficiency problems ofcurrent data checking protocols in mobile crowd-sourcing systems
(2) We propose a novel auditing protocol called NLPASwhich can check whether the images stored on the CSmeet the MUrsquos requirement However different fromcurrent data checking protocols for mobile crowd-sourcing systems NLPAS allows the MU instead of theCS to check images in a privacy-preserving manner Bydoing so the MU can determine whether the imagesmeet the requirement before paying for them At thesame time the CS can make sure that those images willnot be leaked To fulfill all these requirements we willfirst introduce the ldquobinary convolutional neural network(BCNN)rdquo technique [41] to the newly designed auditingprotocol for extracting features of images and then wewill design a novel privacy-preserving Hamming dis-tance computation [42] technique for determiningwhether the images meet the MUrsquos requirements Sincethese two techniques are quite lightweight the com-putation cost of NLPAS can be reduced significantly
(3) We analyze the security of NLPAS showing it sat-isfies requirements (1) (2) and (3) in Section 1 Andwe evaluate the efficiency of NLPAS showing itsatisfies requirements (4) and (5) in Section 1 Weorganize the remainder of this paper as follows Firstwe investigate the related work in Section 2 Secondwe describe the NLPAS protocol in Section 3 fol-lowed by security analysis and efficiency evaluationin Sections 4 and 5 respectively Finally in Section 6we draw our conclusions
2 Security and Communication Networks
2 Related Work
21DataTrust Data trust is an essential security problem inmobile crowdsourcing systems Due to openness workers inmobile crowdsourcing systems may have different securityabilities resulting in low data trust [3] Recently a lot ofpapers have been published focusing on data trust incrowdsourcing systems as illustrated below
211 Voting-Based Data Checking (is sort of scheme takesobserved results with the most observers as the true data[4ndash6] For example in [4] the authors allowed a number ofobservers to report their evaluation results on data and tookthe one as true data if most of the evaluation results werepositive Similarly the authors in [5] aimed to find conflictsof data obtained frommultiple workers which could be seenas a variation of the voting-based data checking scheme
212 Context Information-Based Data Checking (is sortof scheme uses context information such as location in-formation to determine whether the data are true or not Forexample in [7] the authors required workers to uploadlocation information together with data while the CS usedlocation information to determine whether the data weretrue or not Similarly the authors in [8 9] used the workerrsquostrajectory for determining whether the data were true or not
213 Statistics-Based Data Checking (is sort of scheme[10ndash13] uses statistic methods for evaluating whether thedata are true or not For example the authors in [10] usedmaximum likelihood estimation for checking data And theauthors in [11] used maximum a posteriori (MAP) esti-mation for determining whether the data were true or not
214 Gold Data Set-Based Data Checking (is sort ofscheme uses a gold data set for checking data uploaded byworkers [14 15] For example in [15] the authors assignedfully trusted workers with a gold data set for checking datauploaded from other workers
215 Data Redundancy Checking (is sort of scheme aimsto address data redundancy issues [16 17] For example in[16] the authors designed a scheme to find redundancy datafrom multiple workers and used redundancy data for esti-mating missing values
From the above analysis it can be seen that the existingschemes mainly focus on data checking performed by the CSand workers And they mainly consider whether the data arecorrect However existing schemes did not allow the mobileusers to check data before downloading it Moreover existingschemes only focus on the correctness of data and do notconsider whether the data match the MUrsquos requirement sincerequirements from multiple mobile users may vary (is leadsto a serious issue (e mobile user may waste money onnonmatched data(erefore an auditing scheme performed bythe MU before data downloading is desired
22 Data Privacy Data privacy is another importantproblem in mobile crowdsourcing systems First if the datauploaded by workers are leaked the CS and workers maylose money More importantly if the leaked data containprivacy of workers the adversary may cause them harmSecond if the data of mobile users are leaked the adversarymay deduce valuable information about mobile users [3](erefore data privacy is a serious concern in crowd-sourcing systems Papers about data privacy in mobilecrowdsourcing systems are illustrated below
221 Encryption (is sort of scheme aims to encrypt databefore uploading them [18ndash21] For example in [18] ahomomorphic identity-based encryption algorithm wasdesigned for protecting data uploaded by workers
222 Differential Privacy (is sort of scheme adds per-turbation to data [22ndash25] For example in [25] the authorsadded random perturbation to data uploaded by workers
223 Location Privacy (is sort of scheme aims to protectlocation information of workers [26ndash31] For example in[26] the authors used k-anonymity for providing locationprivacy
224 Personal Information Privacy (is sort of schemeaims to protect personal information of workers and mobileusers [32ndash35] For example in [35] the authors definedmultiple privacy level of personal information
Recently several new techniques such as blockchain andfog computing have been introduced to mobile crowd-sourcing networks [36ndash40] For example in [36] the authorsused blockchain for user authorization And in [38] theauthors used fog computing for data aggregation and taskallocation Finally the features of existing schemes are listedin Table 1
From Table 1 it can be seen that the existing schemes canprovide data trust and privacy protection in various waysHowever most schemes only consider one feature eitherdata trust or privacy preserving And no scheme providesboth features Moreover all existing schemes do not supportthe noninteractive feature (is leads to a dilemma on theone hand to provide privacy protection the MU cannot getdata before paying for it on the other hand the MU has tocheck data before paying for it to determine whether thedata meet the requirement
Furthermore for images this dilemma becomes moreserious since the data volume of images is much larger thanthat of traditional texts To handle this dilemma it is desiredto design a noninteractive lightweight privacy-preservingauditing protocol on images in mobile crowdsourcingnetworks which allows the MU to efficiently determinewhether the images meet the requirements without knowinganything about these images
Security and Communication Networks 3
3 NLPAS The Protocol
31 Preliminaries
311 Binary Convolutional Neural Networks A convolu-tional neural network [41] is a kind of neural networkswhose forward propagation operation can be expressed asY f(WotimesX) where Y is the output tensor of the oper-ation f(middot) is a nonlinear function W and X are the weighttensor and the activation tensor generated by the previousneural network layer and otimes is the convolution operation Abinary convolutional neural network is a kind of convolu-tional neural networks whose weights w isinW and activa-tions x isin X are 1 bit instead of the floating point And theforward propagation operation can be expressed as Y
f(WotimesX) f((mBW)otimes nBX) f(mnBW otimesBX) where m
and n are integers and each bW isin BW is computed from thecorresponding w isinW as follows
bW sgn(w) 1 wge 0
minus 1 wlt 01113896 (1)
Similarly each bX isin BX is computed from the corre-sponding x isin X as follows
bX sgn(x) 1 xge 0
minus 1 xlt 01113896 (2)
For bitwise bW and bX the BW otimesBX operation can beefficiently computed using the XNOR-bitcount algorithmdefined in [43]
Moreover since the sgn function is not differentiable duringbackward propagation Bengio et al used the clip functioninstead of sgn as follows clip(middot) max(minus 1 min(1 middot)) [44] Byusing the clip function the binary convolutional neural networkcan use the same gradient descent algorithm as that of tradi-tional neural networks to update parameters during training
312 Hamming Distance (e Hamming distance [42] isdefined below
Given two n-bit binary vectors a
a1 a2 middot middot middot an andb
b1 b2 middot middot middot bn where (ai isin 0 1 i 1 middot middot middot n) and(bi isin 0 1 i 1 middot middot middot n) the Hamming distance of a
and b
is defined as
d(a
b
) 1113944n
i1ai otimes bi( 1113857 (3)
(e above definition shows that the Hamming distanceis the total number of different bits between a
and b In
other words to compute the Hamming distance we need tocount the different bits between a
and b
32 System Model (e main purpose of NLPAS is to de-termine whether the image on the CS meets the requirementof the MU in a privacy-preserving manner
(e main idea of NLPAS can be divided into two partsnamely the feature extracting part and the Hamming dis-tance computation part For the feature extracting part theMU first defines a binary convolutional neural network andtrains it using a data set according to the userrsquos requirement(en the MU extracts a binary vector (a) from a templateimage using this binary convolutional neural network whichis used as the requirement feature Finally the MU sends thetrained binary convolutional neural network to the CS andthe latter extracts a binary vector (b
) from the image to be
audited using this trained network which is used as theauditing feature Since the binary convolutional neuralnetwork is quite lightweight NLPAS can achieve highefficiency
For theHamming distance computation part theMU andthe CS hide the two input vectors (a and b
) in a carrier
number respectively And then all operations for countingdifferent bits between these two vectors are based on five basicmathematical operations namely addition subtractionmultiplication division and modulo operations Since thesefive basic mathematical operations are quite lightweight ourscheme can achieve high efficiency
Based on the feature extracting and Hamming distancecomputation techniques the MU compares the Hammingdistance of a
and bwith a threshold to determine whether
the interested image on the CS meets the requirement(e system model of NLPAS is shown in Figure 1 which
includes three phases as described below And the notationsare listed in Table 2
Table 1 Features of existing schemes
Data trust Privacy preserving Noninteractive[4ndash6] Voting-based data checking [7ndash9] Context information-based data checking [10ndash13] Statistics-based data checking [14 15] Gold data set-based data checking [16 17] Data redundancy checking [18ndash21] Encryption [22ndash25] Differential privacy [26ndash31] Location privacy [32ndash35] Personal information privacy [36] Blockchain-based authorization [37] Blockchain-based data privacy [38] Fog-based data privacy
4 Security and Communication Networks
321 e Initialization Phase During this phase the MUdefines a binary convolutional neural network model(mode) trains it and extracts a binary vector a
from thetemplate image using themode (en the MU generatespublic and private cryptographic parameters for the NLPASsystem (ese cryptographic parameters will be used forhiding vectors and extracting results in the following hiding
phase and extracting phase (e initialization algorithm isdescribed as follows
SKA PKA1113864 1113865⟵Init(n l) (is algorithm is run by theMU for generating system parameters for NLPAS It takes asinput the length of input vectors (ie n) and the securitystrength of NLPAS (ie l-bit) and outputs the set of privateand public cryptographic parameters (ie SKA and PKA)
MU CS
cipher Blarr Injecting B (b cipher A PKA)
cipher Alarr Hiding A (a SKA PKA) Cipher A
Cipher B
The initialization phaseSKA PKA larr Init (n l)
The hiding phase
d (a b)larr Extra (cipher B SKA PKA)
The extracting phase
PKA mode
Figure 1 System model of NLPAS
Table 2 Notations in this paper
Notation Descriptionmode Binary convolutional neural network model trained by the MUSKA Private parameters of the MUPKA Public parameters of NLPASa
a1 middot middot middot ai middot middot middot an Feature vector of the MUb
b1 middot middot middot bi middot middot middot bn Feature vector of the CSn Length of the two binary vectors a
and b
l Security strength of NLPAScipherA C D Ciphertexts generated by the MUC c1 c2 middot middot middot cn1113864 1113865 (e first set of random numbers that a
is hidden inD d1 d2 middot middot middot dn1113864 1113865 (e second set of random numbers that a
is hidden incipherB E F Ciphertexts generated by the CSd(a
b
) Hamming distance of a and b
ei i 1 2 middot middot middot n1113864 1113865 (e first set of random numbers that d(a
b
) is hidden infi i 1 2 middot middot middot n1113864 1113865 (e second set of random numbers that d(a
b
) is hidden inthres (reshold for determining whether the image on the CS meets the MUrsquos requirementw Prime number for counting different bits in a
and b
g Prime number used as a carrierP p1 p2 middot middot middot pn1113864 1113865 (e first set of random numbers for hiding g
Q q1 q2 middot middot middot qn1113864 1113865 (e second set of random numbers for hiding g
S s1 s2 middot middot middot sn1113864 1113865 (e third set of random numbers for hiding g
T t1 t2 middot middot middot tn1113864 1113865 (e fourth set of random numbers for hiding g
V vi pi + qig i 1 2 middot middot middot n1113864 1113865 (e first set of bases for hiding vectorsU ui si + tig i 1 2 middot middot middot n1113864 1113865 (e second set of bases for hiding vectorsJ K Transitional values for extracting the hamming distanceX Y Values that contain the hamming distance
Security and Communication Networks 5
(en the MU sends the public parameter (PKA) and thetrained model (mode) to the CS And the latter extracts abinary vector b
from the interested image stored on it
After the initialization phase the MU holds(SKA PKA a
mode) and the CS holds (PKA b
mode)
322 e Hiding Phase When the MU wants to computethe Hamming distance d(a
b
) where a is known only by the
MU and bis known only by the CS it establishes the hiding
process by running the HidingA algorithm and sending theresults to the CS(eHidingA algorithm is described below
cipherA1113864 1113865⟵HidingA(a
SKA PKA) (is algorithm isrun by the MU for hiding the binary vector a
into a ci-phertext It takes as inputs the MUrsquos binary vector (ie a
)the MUrsquos private parameter (ie SKA) and the MUrsquos publicparameter (ie PKA) and outputs the ciphertext (iecipherA)
Upon receiving the ciphertext (ie cipherA) the CSinjects its vector (ie b
) into cipherA using the InjectingB
algorithm and gets the updated ciphertext cipherB (enthe CS sends cipherB back to the MU and the Hammingdistance of vectors a
and b
is included in cipherB (eInjectingB algorithm is described below
1113864cipherB⟵InjectingB(b
cipherA PKA) (is algo-rithm is run by the CS for injecting the binary vector b
into
cipherA It takes as inputs the CSrsquos binary vector (ie b) the
MUrsquos ciphertext (ie cipherA) and the MUrsquos public pa-rameter (ie PKA) and outputs the updated ciphertext (iecipherB)
After the hiding phase the MU gets cipherB and theHamming distance of a
and bis hidden in cipherB for being
extracted in the following extracting phase
323 e Extracting Phase After receiving the updatedciphertext (ie cipherB) from the CS the MU extracts theHamming distance from cipherB using the Extra algo-rithm which is described below
d(a
b
)⟵Extra(cipherB SKA PKA) (is algorithmis run by the MU for extracting the Hamming distance fromthe updated ciphertext (ie cipherB) It takes as inputs theupdated ciphertext cipherB the MUrsquos private parameter(ie SKA) and the MUrsquos public parameter (ie PKA) andoutputs the Hamming distance of a
and b(ie d(a
b
))After the extracting phase the MU gets the Hamming
distance of a and b
(ie d(a
b
)) (en the MU setsa threshold value thres If d(a
b
)ge thres the interestedimage stored on the CS does not match the MUrsquos re-quirement Otherwise the interested image on the CSmatches the MUrsquos requirement
In the above system model the MUrsquos vector a is hidden
in cipherA using the HidingA algorithm which cannot beknown by the CS At the same time the CSrsquos vector b
is
hidden in cipherB using the InjectingB algorithm whichcannot be known by the MU(erefore NLPAS can achievethe privacy-preserving goal described in Section 1
In the above systemmodel the CSrsquos vector bis hidden in
cipherB using the InjectingB algorithm which cannot beknown by the MU (erefore the MU only knows the
Hamming distance between a and b
and does not know b
and the corresponding interested image (erefore NLPAScan achieve the content privacy goal described in Section 1
33 Construction (e construction of NLPAS is a tuple(Init HidingA InjectingB Extra) of probabilistic polyno-mial time algorithms as shown in Figure 2 and the detailsare defined below
SKA PKA1113864 1113865⟵Init(n l) (e MU runs this algorithmfor generating system parameters for NLPAS as followsFirst the MU generates a l-bit prime number w for countingdifferent bits Second the MU generates a large primenumber g with the length 2l + 2 + log2 n as the carrier ofNLPAS (ird the MU generates four sets of positiverandom numbers for hiding g namely P p1 p2 middot middot middot pn1113864 1113865Q q1 q2 middot middot middot qn1113864 1113865 S s1 s2 middot middot middot sn1113864 1113865 and T t1 t2 middot middot middot 1113864
tn where 1113936ni1 pi lt (w minus n)2 1113936
ni1 si lt (w minus n)2 Fourth
the MU computes two sets of bases for hiding vectors asfollows V vi pi1113864 +qig i 1 2 middot middot middot n and U ui si1113864
+ tig i 1 2 middot middot middot n Finally the MU gets SKA
g P Q S T V U1113864 1113865 and PKA wcipherA1113864 1113865⟵HidingA(a
SKA PKA) (e MU runs
this algorithm for hiding the binary vectora
a1 middot middot middot ai middot middot middot an into a ciphertext as follows (e MUcomputes ci vi + w and di ui for each ai 1 in a
Otherwise ci vi and di ui + w (en the MU getscipherA C c111138641113864 c2 middot middot middot cn D d1 d2 middot middot middot dn1113864 1113865
1113864cipherB⟵InjectingB (b
cipherA PKA) (e CSruns this algorithm for injecting the binary vectorb
b1 middot middot middot bi middot middot middot bn into cipherA as follows First the CScomputes ei ci and fi wdi for each bi 1 in b
Oth-
erwise ei wci and fi di Second the CS computes E
1113936ni1 ei and F 1113936
ni1 fi Finally the CS gets cipherB E F
d(a
b
)⟵Extra(cipherB SKA PKA) (e MU runsthis algorithm for extracting the Hamming distance from theupdated ciphertext (ie cipherB) as follows First the MUcomputes J Emodg and K Fmodg Second the MUcomputes X J minus (Jmod(w2))w2 andY K minus (Kmod(w2))w2 (ird the MU computesd(a
b
) X + YIn the above construction NLPAS uses only a few simple
mathematical operations (ie addition subtraction multi-plication division and modulo operations) instead of time-consuming cryptographic operations such as modular ex-ponentiation (erefore it enjoys high efficiency We willfurther evaluate the efficiency of NLPAS in Section 5
4 Security Analysis
In this section we first show that NLPAS is correct and thenanalyze the security of NLPAS according to the securityrequirements described in Section 1 (ie privacy preservingcontent privacy and auditing)
41 Correctness In the construction in Section 33 we use X
for counting the bits where ai 1 and bi 0 Similarly weuse Y for counting the bits where ai 0 and bi 1
6 Security and Communication Networks
(erefore the Hamming distance of a and b
can be
computed as d(a
b
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
21DataTrust Data trust is an essential security problem inmobile crowdsourcing systems Due to openness workers inmobile crowdsourcing systems may have different securityabilities resulting in low data trust [3] Recently a lot ofpapers have been published focusing on data trust incrowdsourcing systems as illustrated below
211 Voting-Based Data Checking (is sort of scheme takesobserved results with the most observers as the true data[4ndash6] For example in [4] the authors allowed a number ofobservers to report their evaluation results on data and tookthe one as true data if most of the evaluation results werepositive Similarly the authors in [5] aimed to find conflictsof data obtained frommultiple workers which could be seenas a variation of the voting-based data checking scheme
212 Context Information-Based Data Checking (is sortof scheme uses context information such as location in-formation to determine whether the data are true or not Forexample in [7] the authors required workers to uploadlocation information together with data while the CS usedlocation information to determine whether the data weretrue or not Similarly the authors in [8 9] used the workerrsquostrajectory for determining whether the data were true or not
213 Statistics-Based Data Checking (is sort of scheme[10ndash13] uses statistic methods for evaluating whether thedata are true or not For example the authors in [10] usedmaximum likelihood estimation for checking data And theauthors in [11] used maximum a posteriori (MAP) esti-mation for determining whether the data were true or not
214 Gold Data Set-Based Data Checking (is sort ofscheme uses a gold data set for checking data uploaded byworkers [14 15] For example in [15] the authors assignedfully trusted workers with a gold data set for checking datauploaded from other workers
215 Data Redundancy Checking (is sort of scheme aimsto address data redundancy issues [16 17] For example in[16] the authors designed a scheme to find redundancy datafrom multiple workers and used redundancy data for esti-mating missing values
From the above analysis it can be seen that the existingschemes mainly focus on data checking performed by the CSand workers And they mainly consider whether the data arecorrect However existing schemes did not allow the mobileusers to check data before downloading it Moreover existingschemes only focus on the correctness of data and do notconsider whether the data match the MUrsquos requirement sincerequirements from multiple mobile users may vary (is leadsto a serious issue (e mobile user may waste money onnonmatched data(erefore an auditing scheme performed bythe MU before data downloading is desired
22 Data Privacy Data privacy is another importantproblem in mobile crowdsourcing systems First if the datauploaded by workers are leaked the CS and workers maylose money More importantly if the leaked data containprivacy of workers the adversary may cause them harmSecond if the data of mobile users are leaked the adversarymay deduce valuable information about mobile users [3](erefore data privacy is a serious concern in crowd-sourcing systems Papers about data privacy in mobilecrowdsourcing systems are illustrated below
221 Encryption (is sort of scheme aims to encrypt databefore uploading them [18ndash21] For example in [18] ahomomorphic identity-based encryption algorithm wasdesigned for protecting data uploaded by workers
222 Differential Privacy (is sort of scheme adds per-turbation to data [22ndash25] For example in [25] the authorsadded random perturbation to data uploaded by workers
223 Location Privacy (is sort of scheme aims to protectlocation information of workers [26ndash31] For example in[26] the authors used k-anonymity for providing locationprivacy
224 Personal Information Privacy (is sort of schemeaims to protect personal information of workers and mobileusers [32ndash35] For example in [35] the authors definedmultiple privacy level of personal information
Recently several new techniques such as blockchain andfog computing have been introduced to mobile crowd-sourcing networks [36ndash40] For example in [36] the authorsused blockchain for user authorization And in [38] theauthors used fog computing for data aggregation and taskallocation Finally the features of existing schemes are listedin Table 1
From Table 1 it can be seen that the existing schemes canprovide data trust and privacy protection in various waysHowever most schemes only consider one feature eitherdata trust or privacy preserving And no scheme providesboth features Moreover all existing schemes do not supportthe noninteractive feature (is leads to a dilemma on theone hand to provide privacy protection the MU cannot getdata before paying for it on the other hand the MU has tocheck data before paying for it to determine whether thedata meet the requirement
Furthermore for images this dilemma becomes moreserious since the data volume of images is much larger thanthat of traditional texts To handle this dilemma it is desiredto design a noninteractive lightweight privacy-preservingauditing protocol on images in mobile crowdsourcingnetworks which allows the MU to efficiently determinewhether the images meet the requirements without knowinganything about these images
Security and Communication Networks 3
3 NLPAS The Protocol
31 Preliminaries
311 Binary Convolutional Neural Networks A convolu-tional neural network [41] is a kind of neural networkswhose forward propagation operation can be expressed asY f(WotimesX) where Y is the output tensor of the oper-ation f(middot) is a nonlinear function W and X are the weighttensor and the activation tensor generated by the previousneural network layer and otimes is the convolution operation Abinary convolutional neural network is a kind of convolu-tional neural networks whose weights w isinW and activa-tions x isin X are 1 bit instead of the floating point And theforward propagation operation can be expressed as Y
f(WotimesX) f((mBW)otimes nBX) f(mnBW otimesBX) where m
and n are integers and each bW isin BW is computed from thecorresponding w isinW as follows
bW sgn(w) 1 wge 0
minus 1 wlt 01113896 (1)
Similarly each bX isin BX is computed from the corre-sponding x isin X as follows
bX sgn(x) 1 xge 0
minus 1 xlt 01113896 (2)
For bitwise bW and bX the BW otimesBX operation can beefficiently computed using the XNOR-bitcount algorithmdefined in [43]
Moreover since the sgn function is not differentiable duringbackward propagation Bengio et al used the clip functioninstead of sgn as follows clip(middot) max(minus 1 min(1 middot)) [44] Byusing the clip function the binary convolutional neural networkcan use the same gradient descent algorithm as that of tradi-tional neural networks to update parameters during training
312 Hamming Distance (e Hamming distance [42] isdefined below
Given two n-bit binary vectors a
a1 a2 middot middot middot an andb
b1 b2 middot middot middot bn where (ai isin 0 1 i 1 middot middot middot n) and(bi isin 0 1 i 1 middot middot middot n) the Hamming distance of a
and b
is defined as
d(a
b
) 1113944n
i1ai otimes bi( 1113857 (3)
(e above definition shows that the Hamming distanceis the total number of different bits between a
and b In
other words to compute the Hamming distance we need tocount the different bits between a
and b
32 System Model (e main purpose of NLPAS is to de-termine whether the image on the CS meets the requirementof the MU in a privacy-preserving manner
(e main idea of NLPAS can be divided into two partsnamely the feature extracting part and the Hamming dis-tance computation part For the feature extracting part theMU first defines a binary convolutional neural network andtrains it using a data set according to the userrsquos requirement(en the MU extracts a binary vector (a) from a templateimage using this binary convolutional neural network whichis used as the requirement feature Finally the MU sends thetrained binary convolutional neural network to the CS andthe latter extracts a binary vector (b
) from the image to be
audited using this trained network which is used as theauditing feature Since the binary convolutional neuralnetwork is quite lightweight NLPAS can achieve highefficiency
For theHamming distance computation part theMU andthe CS hide the two input vectors (a and b
) in a carrier
number respectively And then all operations for countingdifferent bits between these two vectors are based on five basicmathematical operations namely addition subtractionmultiplication division and modulo operations Since thesefive basic mathematical operations are quite lightweight ourscheme can achieve high efficiency
Based on the feature extracting and Hamming distancecomputation techniques the MU compares the Hammingdistance of a
and bwith a threshold to determine whether
the interested image on the CS meets the requirement(e system model of NLPAS is shown in Figure 1 which
includes three phases as described below And the notationsare listed in Table 2
Table 1 Features of existing schemes
Data trust Privacy preserving Noninteractive[4ndash6] Voting-based data checking [7ndash9] Context information-based data checking [10ndash13] Statistics-based data checking [14 15] Gold data set-based data checking [16 17] Data redundancy checking [18ndash21] Encryption [22ndash25] Differential privacy [26ndash31] Location privacy [32ndash35] Personal information privacy [36] Blockchain-based authorization [37] Blockchain-based data privacy [38] Fog-based data privacy
4 Security and Communication Networks
321 e Initialization Phase During this phase the MUdefines a binary convolutional neural network model(mode) trains it and extracts a binary vector a
from thetemplate image using themode (en the MU generatespublic and private cryptographic parameters for the NLPASsystem (ese cryptographic parameters will be used forhiding vectors and extracting results in the following hiding
phase and extracting phase (e initialization algorithm isdescribed as follows
SKA PKA1113864 1113865⟵Init(n l) (is algorithm is run by theMU for generating system parameters for NLPAS It takes asinput the length of input vectors (ie n) and the securitystrength of NLPAS (ie l-bit) and outputs the set of privateand public cryptographic parameters (ie SKA and PKA)
MU CS
cipher Blarr Injecting B (b cipher A PKA)
cipher Alarr Hiding A (a SKA PKA) Cipher A
Cipher B
The initialization phaseSKA PKA larr Init (n l)
The hiding phase
d (a b)larr Extra (cipher B SKA PKA)
The extracting phase
PKA mode
Figure 1 System model of NLPAS
Table 2 Notations in this paper
Notation Descriptionmode Binary convolutional neural network model trained by the MUSKA Private parameters of the MUPKA Public parameters of NLPASa
a1 middot middot middot ai middot middot middot an Feature vector of the MUb
b1 middot middot middot bi middot middot middot bn Feature vector of the CSn Length of the two binary vectors a
and b
l Security strength of NLPAScipherA C D Ciphertexts generated by the MUC c1 c2 middot middot middot cn1113864 1113865 (e first set of random numbers that a
is hidden inD d1 d2 middot middot middot dn1113864 1113865 (e second set of random numbers that a
is hidden incipherB E F Ciphertexts generated by the CSd(a
b
) Hamming distance of a and b
ei i 1 2 middot middot middot n1113864 1113865 (e first set of random numbers that d(a
b
) is hidden infi i 1 2 middot middot middot n1113864 1113865 (e second set of random numbers that d(a
b
) is hidden inthres (reshold for determining whether the image on the CS meets the MUrsquos requirementw Prime number for counting different bits in a
and b
g Prime number used as a carrierP p1 p2 middot middot middot pn1113864 1113865 (e first set of random numbers for hiding g
Q q1 q2 middot middot middot qn1113864 1113865 (e second set of random numbers for hiding g
S s1 s2 middot middot middot sn1113864 1113865 (e third set of random numbers for hiding g
T t1 t2 middot middot middot tn1113864 1113865 (e fourth set of random numbers for hiding g
V vi pi + qig i 1 2 middot middot middot n1113864 1113865 (e first set of bases for hiding vectorsU ui si + tig i 1 2 middot middot middot n1113864 1113865 (e second set of bases for hiding vectorsJ K Transitional values for extracting the hamming distanceX Y Values that contain the hamming distance
Security and Communication Networks 5
(en the MU sends the public parameter (PKA) and thetrained model (mode) to the CS And the latter extracts abinary vector b
from the interested image stored on it
After the initialization phase the MU holds(SKA PKA a
mode) and the CS holds (PKA b
mode)
322 e Hiding Phase When the MU wants to computethe Hamming distance d(a
b
) where a is known only by the
MU and bis known only by the CS it establishes the hiding
process by running the HidingA algorithm and sending theresults to the CS(eHidingA algorithm is described below
cipherA1113864 1113865⟵HidingA(a
SKA PKA) (is algorithm isrun by the MU for hiding the binary vector a
into a ci-phertext It takes as inputs the MUrsquos binary vector (ie a
)the MUrsquos private parameter (ie SKA) and the MUrsquos publicparameter (ie PKA) and outputs the ciphertext (iecipherA)
Upon receiving the ciphertext (ie cipherA) the CSinjects its vector (ie b
) into cipherA using the InjectingB
algorithm and gets the updated ciphertext cipherB (enthe CS sends cipherB back to the MU and the Hammingdistance of vectors a
and b
is included in cipherB (eInjectingB algorithm is described below
1113864cipherB⟵InjectingB(b
cipherA PKA) (is algo-rithm is run by the CS for injecting the binary vector b
into
cipherA It takes as inputs the CSrsquos binary vector (ie b) the
MUrsquos ciphertext (ie cipherA) and the MUrsquos public pa-rameter (ie PKA) and outputs the updated ciphertext (iecipherB)
After the hiding phase the MU gets cipherB and theHamming distance of a
and bis hidden in cipherB for being
extracted in the following extracting phase
323 e Extracting Phase After receiving the updatedciphertext (ie cipherB) from the CS the MU extracts theHamming distance from cipherB using the Extra algo-rithm which is described below
d(a
b
)⟵Extra(cipherB SKA PKA) (is algorithmis run by the MU for extracting the Hamming distance fromthe updated ciphertext (ie cipherB) It takes as inputs theupdated ciphertext cipherB the MUrsquos private parameter(ie SKA) and the MUrsquos public parameter (ie PKA) andoutputs the Hamming distance of a
and b(ie d(a
b
))After the extracting phase the MU gets the Hamming
distance of a and b
(ie d(a
b
)) (en the MU setsa threshold value thres If d(a
b
)ge thres the interestedimage stored on the CS does not match the MUrsquos re-quirement Otherwise the interested image on the CSmatches the MUrsquos requirement
In the above system model the MUrsquos vector a is hidden
in cipherA using the HidingA algorithm which cannot beknown by the CS At the same time the CSrsquos vector b
is
hidden in cipherB using the InjectingB algorithm whichcannot be known by the MU(erefore NLPAS can achievethe privacy-preserving goal described in Section 1
In the above systemmodel the CSrsquos vector bis hidden in
cipherB using the InjectingB algorithm which cannot beknown by the MU (erefore the MU only knows the
Hamming distance between a and b
and does not know b
and the corresponding interested image (erefore NLPAScan achieve the content privacy goal described in Section 1
33 Construction (e construction of NLPAS is a tuple(Init HidingA InjectingB Extra) of probabilistic polyno-mial time algorithms as shown in Figure 2 and the detailsare defined below
SKA PKA1113864 1113865⟵Init(n l) (e MU runs this algorithmfor generating system parameters for NLPAS as followsFirst the MU generates a l-bit prime number w for countingdifferent bits Second the MU generates a large primenumber g with the length 2l + 2 + log2 n as the carrier ofNLPAS (ird the MU generates four sets of positiverandom numbers for hiding g namely P p1 p2 middot middot middot pn1113864 1113865Q q1 q2 middot middot middot qn1113864 1113865 S s1 s2 middot middot middot sn1113864 1113865 and T t1 t2 middot middot middot 1113864
tn where 1113936ni1 pi lt (w minus n)2 1113936
ni1 si lt (w minus n)2 Fourth
the MU computes two sets of bases for hiding vectors asfollows V vi pi1113864 +qig i 1 2 middot middot middot n and U ui si1113864
+ tig i 1 2 middot middot middot n Finally the MU gets SKA
g P Q S T V U1113864 1113865 and PKA wcipherA1113864 1113865⟵HidingA(a
SKA PKA) (e MU runs
this algorithm for hiding the binary vectora
a1 middot middot middot ai middot middot middot an into a ciphertext as follows (e MUcomputes ci vi + w and di ui for each ai 1 in a
Otherwise ci vi and di ui + w (en the MU getscipherA C c111138641113864 c2 middot middot middot cn D d1 d2 middot middot middot dn1113864 1113865
1113864cipherB⟵InjectingB (b
cipherA PKA) (e CSruns this algorithm for injecting the binary vectorb
b1 middot middot middot bi middot middot middot bn into cipherA as follows First the CScomputes ei ci and fi wdi for each bi 1 in b
Oth-
erwise ei wci and fi di Second the CS computes E
1113936ni1 ei and F 1113936
ni1 fi Finally the CS gets cipherB E F
d(a
b
)⟵Extra(cipherB SKA PKA) (e MU runsthis algorithm for extracting the Hamming distance from theupdated ciphertext (ie cipherB) as follows First the MUcomputes J Emodg and K Fmodg Second the MUcomputes X J minus (Jmod(w2))w2 andY K minus (Kmod(w2))w2 (ird the MU computesd(a
b
) X + YIn the above construction NLPAS uses only a few simple
mathematical operations (ie addition subtraction multi-plication division and modulo operations) instead of time-consuming cryptographic operations such as modular ex-ponentiation (erefore it enjoys high efficiency We willfurther evaluate the efficiency of NLPAS in Section 5
4 Security Analysis
In this section we first show that NLPAS is correct and thenanalyze the security of NLPAS according to the securityrequirements described in Section 1 (ie privacy preservingcontent privacy and auditing)
41 Correctness In the construction in Section 33 we use X
for counting the bits where ai 1 and bi 0 Similarly weuse Y for counting the bits where ai 0 and bi 1
6 Security and Communication Networks
(erefore the Hamming distance of a and b
can be
computed as d(a
b
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
311 Binary Convolutional Neural Networks A convolu-tional neural network [41] is a kind of neural networkswhose forward propagation operation can be expressed asY f(WotimesX) where Y is the output tensor of the oper-ation f(middot) is a nonlinear function W and X are the weighttensor and the activation tensor generated by the previousneural network layer and otimes is the convolution operation Abinary convolutional neural network is a kind of convolu-tional neural networks whose weights w isinW and activa-tions x isin X are 1 bit instead of the floating point And theforward propagation operation can be expressed as Y
f(WotimesX) f((mBW)otimes nBX) f(mnBW otimesBX) where m
and n are integers and each bW isin BW is computed from thecorresponding w isinW as follows
bW sgn(w) 1 wge 0
minus 1 wlt 01113896 (1)
Similarly each bX isin BX is computed from the corre-sponding x isin X as follows
bX sgn(x) 1 xge 0
minus 1 xlt 01113896 (2)
For bitwise bW and bX the BW otimesBX operation can beefficiently computed using the XNOR-bitcount algorithmdefined in [43]
Moreover since the sgn function is not differentiable duringbackward propagation Bengio et al used the clip functioninstead of sgn as follows clip(middot) max(minus 1 min(1 middot)) [44] Byusing the clip function the binary convolutional neural networkcan use the same gradient descent algorithm as that of tradi-tional neural networks to update parameters during training
312 Hamming Distance (e Hamming distance [42] isdefined below
Given two n-bit binary vectors a
a1 a2 middot middot middot an andb
b1 b2 middot middot middot bn where (ai isin 0 1 i 1 middot middot middot n) and(bi isin 0 1 i 1 middot middot middot n) the Hamming distance of a
and b
is defined as
d(a
b
) 1113944n
i1ai otimes bi( 1113857 (3)
(e above definition shows that the Hamming distanceis the total number of different bits between a
and b In
other words to compute the Hamming distance we need tocount the different bits between a
and b
32 System Model (e main purpose of NLPAS is to de-termine whether the image on the CS meets the requirementof the MU in a privacy-preserving manner
(e main idea of NLPAS can be divided into two partsnamely the feature extracting part and the Hamming dis-tance computation part For the feature extracting part theMU first defines a binary convolutional neural network andtrains it using a data set according to the userrsquos requirement(en the MU extracts a binary vector (a) from a templateimage using this binary convolutional neural network whichis used as the requirement feature Finally the MU sends thetrained binary convolutional neural network to the CS andthe latter extracts a binary vector (b
) from the image to be
audited using this trained network which is used as theauditing feature Since the binary convolutional neuralnetwork is quite lightweight NLPAS can achieve highefficiency
For theHamming distance computation part theMU andthe CS hide the two input vectors (a and b
) in a carrier
number respectively And then all operations for countingdifferent bits between these two vectors are based on five basicmathematical operations namely addition subtractionmultiplication division and modulo operations Since thesefive basic mathematical operations are quite lightweight ourscheme can achieve high efficiency
Based on the feature extracting and Hamming distancecomputation techniques the MU compares the Hammingdistance of a
and bwith a threshold to determine whether
the interested image on the CS meets the requirement(e system model of NLPAS is shown in Figure 1 which
includes three phases as described below And the notationsare listed in Table 2
Table 1 Features of existing schemes
Data trust Privacy preserving Noninteractive[4ndash6] Voting-based data checking [7ndash9] Context information-based data checking [10ndash13] Statistics-based data checking [14 15] Gold data set-based data checking [16 17] Data redundancy checking [18ndash21] Encryption [22ndash25] Differential privacy [26ndash31] Location privacy [32ndash35] Personal information privacy [36] Blockchain-based authorization [37] Blockchain-based data privacy [38] Fog-based data privacy
4 Security and Communication Networks
321 e Initialization Phase During this phase the MUdefines a binary convolutional neural network model(mode) trains it and extracts a binary vector a
from thetemplate image using themode (en the MU generatespublic and private cryptographic parameters for the NLPASsystem (ese cryptographic parameters will be used forhiding vectors and extracting results in the following hiding
phase and extracting phase (e initialization algorithm isdescribed as follows
SKA PKA1113864 1113865⟵Init(n l) (is algorithm is run by theMU for generating system parameters for NLPAS It takes asinput the length of input vectors (ie n) and the securitystrength of NLPAS (ie l-bit) and outputs the set of privateand public cryptographic parameters (ie SKA and PKA)
MU CS
cipher Blarr Injecting B (b cipher A PKA)
cipher Alarr Hiding A (a SKA PKA) Cipher A
Cipher B
The initialization phaseSKA PKA larr Init (n l)
The hiding phase
d (a b)larr Extra (cipher B SKA PKA)
The extracting phase
PKA mode
Figure 1 System model of NLPAS
Table 2 Notations in this paper
Notation Descriptionmode Binary convolutional neural network model trained by the MUSKA Private parameters of the MUPKA Public parameters of NLPASa
a1 middot middot middot ai middot middot middot an Feature vector of the MUb
b1 middot middot middot bi middot middot middot bn Feature vector of the CSn Length of the two binary vectors a
and b
l Security strength of NLPAScipherA C D Ciphertexts generated by the MUC c1 c2 middot middot middot cn1113864 1113865 (e first set of random numbers that a
is hidden inD d1 d2 middot middot middot dn1113864 1113865 (e second set of random numbers that a
is hidden incipherB E F Ciphertexts generated by the CSd(a
b
) Hamming distance of a and b
ei i 1 2 middot middot middot n1113864 1113865 (e first set of random numbers that d(a
b
) is hidden infi i 1 2 middot middot middot n1113864 1113865 (e second set of random numbers that d(a
b
) is hidden inthres (reshold for determining whether the image on the CS meets the MUrsquos requirementw Prime number for counting different bits in a
and b
g Prime number used as a carrierP p1 p2 middot middot middot pn1113864 1113865 (e first set of random numbers for hiding g
Q q1 q2 middot middot middot qn1113864 1113865 (e second set of random numbers for hiding g
S s1 s2 middot middot middot sn1113864 1113865 (e third set of random numbers for hiding g
T t1 t2 middot middot middot tn1113864 1113865 (e fourth set of random numbers for hiding g
V vi pi + qig i 1 2 middot middot middot n1113864 1113865 (e first set of bases for hiding vectorsU ui si + tig i 1 2 middot middot middot n1113864 1113865 (e second set of bases for hiding vectorsJ K Transitional values for extracting the hamming distanceX Y Values that contain the hamming distance
Security and Communication Networks 5
(en the MU sends the public parameter (PKA) and thetrained model (mode) to the CS And the latter extracts abinary vector b
from the interested image stored on it
After the initialization phase the MU holds(SKA PKA a
mode) and the CS holds (PKA b
mode)
322 e Hiding Phase When the MU wants to computethe Hamming distance d(a
b
) where a is known only by the
MU and bis known only by the CS it establishes the hiding
process by running the HidingA algorithm and sending theresults to the CS(eHidingA algorithm is described below
cipherA1113864 1113865⟵HidingA(a
SKA PKA) (is algorithm isrun by the MU for hiding the binary vector a
into a ci-phertext It takes as inputs the MUrsquos binary vector (ie a
)the MUrsquos private parameter (ie SKA) and the MUrsquos publicparameter (ie PKA) and outputs the ciphertext (iecipherA)
Upon receiving the ciphertext (ie cipherA) the CSinjects its vector (ie b
) into cipherA using the InjectingB
algorithm and gets the updated ciphertext cipherB (enthe CS sends cipherB back to the MU and the Hammingdistance of vectors a
and b
is included in cipherB (eInjectingB algorithm is described below
1113864cipherB⟵InjectingB(b
cipherA PKA) (is algo-rithm is run by the CS for injecting the binary vector b
into
cipherA It takes as inputs the CSrsquos binary vector (ie b) the
MUrsquos ciphertext (ie cipherA) and the MUrsquos public pa-rameter (ie PKA) and outputs the updated ciphertext (iecipherB)
After the hiding phase the MU gets cipherB and theHamming distance of a
and bis hidden in cipherB for being
extracted in the following extracting phase
323 e Extracting Phase After receiving the updatedciphertext (ie cipherB) from the CS the MU extracts theHamming distance from cipherB using the Extra algo-rithm which is described below
d(a
b
)⟵Extra(cipherB SKA PKA) (is algorithmis run by the MU for extracting the Hamming distance fromthe updated ciphertext (ie cipherB) It takes as inputs theupdated ciphertext cipherB the MUrsquos private parameter(ie SKA) and the MUrsquos public parameter (ie PKA) andoutputs the Hamming distance of a
and b(ie d(a
b
))After the extracting phase the MU gets the Hamming
distance of a and b
(ie d(a
b
)) (en the MU setsa threshold value thres If d(a
b
)ge thres the interestedimage stored on the CS does not match the MUrsquos re-quirement Otherwise the interested image on the CSmatches the MUrsquos requirement
In the above system model the MUrsquos vector a is hidden
in cipherA using the HidingA algorithm which cannot beknown by the CS At the same time the CSrsquos vector b
is
hidden in cipherB using the InjectingB algorithm whichcannot be known by the MU(erefore NLPAS can achievethe privacy-preserving goal described in Section 1
In the above systemmodel the CSrsquos vector bis hidden in
cipherB using the InjectingB algorithm which cannot beknown by the MU (erefore the MU only knows the
Hamming distance between a and b
and does not know b
and the corresponding interested image (erefore NLPAScan achieve the content privacy goal described in Section 1
33 Construction (e construction of NLPAS is a tuple(Init HidingA InjectingB Extra) of probabilistic polyno-mial time algorithms as shown in Figure 2 and the detailsare defined below
SKA PKA1113864 1113865⟵Init(n l) (e MU runs this algorithmfor generating system parameters for NLPAS as followsFirst the MU generates a l-bit prime number w for countingdifferent bits Second the MU generates a large primenumber g with the length 2l + 2 + log2 n as the carrier ofNLPAS (ird the MU generates four sets of positiverandom numbers for hiding g namely P p1 p2 middot middot middot pn1113864 1113865Q q1 q2 middot middot middot qn1113864 1113865 S s1 s2 middot middot middot sn1113864 1113865 and T t1 t2 middot middot middot 1113864
tn where 1113936ni1 pi lt (w minus n)2 1113936
ni1 si lt (w minus n)2 Fourth
the MU computes two sets of bases for hiding vectors asfollows V vi pi1113864 +qig i 1 2 middot middot middot n and U ui si1113864
+ tig i 1 2 middot middot middot n Finally the MU gets SKA
g P Q S T V U1113864 1113865 and PKA wcipherA1113864 1113865⟵HidingA(a
SKA PKA) (e MU runs
this algorithm for hiding the binary vectora
a1 middot middot middot ai middot middot middot an into a ciphertext as follows (e MUcomputes ci vi + w and di ui for each ai 1 in a
Otherwise ci vi and di ui + w (en the MU getscipherA C c111138641113864 c2 middot middot middot cn D d1 d2 middot middot middot dn1113864 1113865
1113864cipherB⟵InjectingB (b
cipherA PKA) (e CSruns this algorithm for injecting the binary vectorb
b1 middot middot middot bi middot middot middot bn into cipherA as follows First the CScomputes ei ci and fi wdi for each bi 1 in b
Oth-
erwise ei wci and fi di Second the CS computes E
1113936ni1 ei and F 1113936
ni1 fi Finally the CS gets cipherB E F
d(a
b
)⟵Extra(cipherB SKA PKA) (e MU runsthis algorithm for extracting the Hamming distance from theupdated ciphertext (ie cipherB) as follows First the MUcomputes J Emodg and K Fmodg Second the MUcomputes X J minus (Jmod(w2))w2 andY K minus (Kmod(w2))w2 (ird the MU computesd(a
b
) X + YIn the above construction NLPAS uses only a few simple
mathematical operations (ie addition subtraction multi-plication division and modulo operations) instead of time-consuming cryptographic operations such as modular ex-ponentiation (erefore it enjoys high efficiency We willfurther evaluate the efficiency of NLPAS in Section 5
4 Security Analysis
In this section we first show that NLPAS is correct and thenanalyze the security of NLPAS according to the securityrequirements described in Section 1 (ie privacy preservingcontent privacy and auditing)
41 Correctness In the construction in Section 33 we use X
for counting the bits where ai 1 and bi 0 Similarly weuse Y for counting the bits where ai 0 and bi 1
6 Security and Communication Networks
(erefore the Hamming distance of a and b
can be
computed as d(a
b
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
321 e Initialization Phase During this phase the MUdefines a binary convolutional neural network model(mode) trains it and extracts a binary vector a
from thetemplate image using themode (en the MU generatespublic and private cryptographic parameters for the NLPASsystem (ese cryptographic parameters will be used forhiding vectors and extracting results in the following hiding
phase and extracting phase (e initialization algorithm isdescribed as follows
SKA PKA1113864 1113865⟵Init(n l) (is algorithm is run by theMU for generating system parameters for NLPAS It takes asinput the length of input vectors (ie n) and the securitystrength of NLPAS (ie l-bit) and outputs the set of privateand public cryptographic parameters (ie SKA and PKA)
MU CS
cipher Blarr Injecting B (b cipher A PKA)
cipher Alarr Hiding A (a SKA PKA) Cipher A
Cipher B
The initialization phaseSKA PKA larr Init (n l)
The hiding phase
d (a b)larr Extra (cipher B SKA PKA)
The extracting phase
PKA mode
Figure 1 System model of NLPAS
Table 2 Notations in this paper
Notation Descriptionmode Binary convolutional neural network model trained by the MUSKA Private parameters of the MUPKA Public parameters of NLPASa
a1 middot middot middot ai middot middot middot an Feature vector of the MUb
b1 middot middot middot bi middot middot middot bn Feature vector of the CSn Length of the two binary vectors a
and b
l Security strength of NLPAScipherA C D Ciphertexts generated by the MUC c1 c2 middot middot middot cn1113864 1113865 (e first set of random numbers that a
is hidden inD d1 d2 middot middot middot dn1113864 1113865 (e second set of random numbers that a
is hidden incipherB E F Ciphertexts generated by the CSd(a
b
) Hamming distance of a and b
ei i 1 2 middot middot middot n1113864 1113865 (e first set of random numbers that d(a
b
) is hidden infi i 1 2 middot middot middot n1113864 1113865 (e second set of random numbers that d(a
b
) is hidden inthres (reshold for determining whether the image on the CS meets the MUrsquos requirementw Prime number for counting different bits in a
and b
g Prime number used as a carrierP p1 p2 middot middot middot pn1113864 1113865 (e first set of random numbers for hiding g
Q q1 q2 middot middot middot qn1113864 1113865 (e second set of random numbers for hiding g
S s1 s2 middot middot middot sn1113864 1113865 (e third set of random numbers for hiding g
T t1 t2 middot middot middot tn1113864 1113865 (e fourth set of random numbers for hiding g
V vi pi + qig i 1 2 middot middot middot n1113864 1113865 (e first set of bases for hiding vectorsU ui si + tig i 1 2 middot middot middot n1113864 1113865 (e second set of bases for hiding vectorsJ K Transitional values for extracting the hamming distanceX Y Values that contain the hamming distance
Security and Communication Networks 5
(en the MU sends the public parameter (PKA) and thetrained model (mode) to the CS And the latter extracts abinary vector b
from the interested image stored on it
After the initialization phase the MU holds(SKA PKA a
mode) and the CS holds (PKA b
mode)
322 e Hiding Phase When the MU wants to computethe Hamming distance d(a
b
) where a is known only by the
MU and bis known only by the CS it establishes the hiding
process by running the HidingA algorithm and sending theresults to the CS(eHidingA algorithm is described below
cipherA1113864 1113865⟵HidingA(a
SKA PKA) (is algorithm isrun by the MU for hiding the binary vector a
into a ci-phertext It takes as inputs the MUrsquos binary vector (ie a
)the MUrsquos private parameter (ie SKA) and the MUrsquos publicparameter (ie PKA) and outputs the ciphertext (iecipherA)
Upon receiving the ciphertext (ie cipherA) the CSinjects its vector (ie b
) into cipherA using the InjectingB
algorithm and gets the updated ciphertext cipherB (enthe CS sends cipherB back to the MU and the Hammingdistance of vectors a
and b
is included in cipherB (eInjectingB algorithm is described below
1113864cipherB⟵InjectingB(b
cipherA PKA) (is algo-rithm is run by the CS for injecting the binary vector b
into
cipherA It takes as inputs the CSrsquos binary vector (ie b) the
MUrsquos ciphertext (ie cipherA) and the MUrsquos public pa-rameter (ie PKA) and outputs the updated ciphertext (iecipherB)
After the hiding phase the MU gets cipherB and theHamming distance of a
and bis hidden in cipherB for being
extracted in the following extracting phase
323 e Extracting Phase After receiving the updatedciphertext (ie cipherB) from the CS the MU extracts theHamming distance from cipherB using the Extra algo-rithm which is described below
d(a
b
)⟵Extra(cipherB SKA PKA) (is algorithmis run by the MU for extracting the Hamming distance fromthe updated ciphertext (ie cipherB) It takes as inputs theupdated ciphertext cipherB the MUrsquos private parameter(ie SKA) and the MUrsquos public parameter (ie PKA) andoutputs the Hamming distance of a
and b(ie d(a
b
))After the extracting phase the MU gets the Hamming
distance of a and b
(ie d(a
b
)) (en the MU setsa threshold value thres If d(a
b
)ge thres the interestedimage stored on the CS does not match the MUrsquos re-quirement Otherwise the interested image on the CSmatches the MUrsquos requirement
In the above system model the MUrsquos vector a is hidden
in cipherA using the HidingA algorithm which cannot beknown by the CS At the same time the CSrsquos vector b
is
hidden in cipherB using the InjectingB algorithm whichcannot be known by the MU(erefore NLPAS can achievethe privacy-preserving goal described in Section 1
In the above systemmodel the CSrsquos vector bis hidden in
cipherB using the InjectingB algorithm which cannot beknown by the MU (erefore the MU only knows the
Hamming distance between a and b
and does not know b
and the corresponding interested image (erefore NLPAScan achieve the content privacy goal described in Section 1
33 Construction (e construction of NLPAS is a tuple(Init HidingA InjectingB Extra) of probabilistic polyno-mial time algorithms as shown in Figure 2 and the detailsare defined below
SKA PKA1113864 1113865⟵Init(n l) (e MU runs this algorithmfor generating system parameters for NLPAS as followsFirst the MU generates a l-bit prime number w for countingdifferent bits Second the MU generates a large primenumber g with the length 2l + 2 + log2 n as the carrier ofNLPAS (ird the MU generates four sets of positiverandom numbers for hiding g namely P p1 p2 middot middot middot pn1113864 1113865Q q1 q2 middot middot middot qn1113864 1113865 S s1 s2 middot middot middot sn1113864 1113865 and T t1 t2 middot middot middot 1113864
tn where 1113936ni1 pi lt (w minus n)2 1113936
ni1 si lt (w minus n)2 Fourth
the MU computes two sets of bases for hiding vectors asfollows V vi pi1113864 +qig i 1 2 middot middot middot n and U ui si1113864
+ tig i 1 2 middot middot middot n Finally the MU gets SKA
g P Q S T V U1113864 1113865 and PKA wcipherA1113864 1113865⟵HidingA(a
SKA PKA) (e MU runs
this algorithm for hiding the binary vectora
a1 middot middot middot ai middot middot middot an into a ciphertext as follows (e MUcomputes ci vi + w and di ui for each ai 1 in a
Otherwise ci vi and di ui + w (en the MU getscipherA C c111138641113864 c2 middot middot middot cn D d1 d2 middot middot middot dn1113864 1113865
1113864cipherB⟵InjectingB (b
cipherA PKA) (e CSruns this algorithm for injecting the binary vectorb
b1 middot middot middot bi middot middot middot bn into cipherA as follows First the CScomputes ei ci and fi wdi for each bi 1 in b
Oth-
erwise ei wci and fi di Second the CS computes E
1113936ni1 ei and F 1113936
ni1 fi Finally the CS gets cipherB E F
d(a
b
)⟵Extra(cipherB SKA PKA) (e MU runsthis algorithm for extracting the Hamming distance from theupdated ciphertext (ie cipherB) as follows First the MUcomputes J Emodg and K Fmodg Second the MUcomputes X J minus (Jmod(w2))w2 andY K minus (Kmod(w2))w2 (ird the MU computesd(a
b
) X + YIn the above construction NLPAS uses only a few simple
mathematical operations (ie addition subtraction multi-plication division and modulo operations) instead of time-consuming cryptographic operations such as modular ex-ponentiation (erefore it enjoys high efficiency We willfurther evaluate the efficiency of NLPAS in Section 5
4 Security Analysis
In this section we first show that NLPAS is correct and thenanalyze the security of NLPAS according to the securityrequirements described in Section 1 (ie privacy preservingcontent privacy and auditing)
41 Correctness In the construction in Section 33 we use X
for counting the bits where ai 1 and bi 0 Similarly weuse Y for counting the bits where ai 0 and bi 1
6 Security and Communication Networks
(erefore the Hamming distance of a and b
can be
computed as d(a
b
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
(en the MU sends the public parameter (PKA) and thetrained model (mode) to the CS And the latter extracts abinary vector b
from the interested image stored on it
After the initialization phase the MU holds(SKA PKA a
mode) and the CS holds (PKA b
mode)
322 e Hiding Phase When the MU wants to computethe Hamming distance d(a
b
) where a is known only by the
MU and bis known only by the CS it establishes the hiding
process by running the HidingA algorithm and sending theresults to the CS(eHidingA algorithm is described below
cipherA1113864 1113865⟵HidingA(a
SKA PKA) (is algorithm isrun by the MU for hiding the binary vector a
into a ci-phertext It takes as inputs the MUrsquos binary vector (ie a
)the MUrsquos private parameter (ie SKA) and the MUrsquos publicparameter (ie PKA) and outputs the ciphertext (iecipherA)
Upon receiving the ciphertext (ie cipherA) the CSinjects its vector (ie b
) into cipherA using the InjectingB
algorithm and gets the updated ciphertext cipherB (enthe CS sends cipherB back to the MU and the Hammingdistance of vectors a
and b
is included in cipherB (eInjectingB algorithm is described below
1113864cipherB⟵InjectingB(b
cipherA PKA) (is algo-rithm is run by the CS for injecting the binary vector b
into
cipherA It takes as inputs the CSrsquos binary vector (ie b) the
MUrsquos ciphertext (ie cipherA) and the MUrsquos public pa-rameter (ie PKA) and outputs the updated ciphertext (iecipherB)
After the hiding phase the MU gets cipherB and theHamming distance of a
and bis hidden in cipherB for being
extracted in the following extracting phase
323 e Extracting Phase After receiving the updatedciphertext (ie cipherB) from the CS the MU extracts theHamming distance from cipherB using the Extra algo-rithm which is described below
d(a
b
)⟵Extra(cipherB SKA PKA) (is algorithmis run by the MU for extracting the Hamming distance fromthe updated ciphertext (ie cipherB) It takes as inputs theupdated ciphertext cipherB the MUrsquos private parameter(ie SKA) and the MUrsquos public parameter (ie PKA) andoutputs the Hamming distance of a
and b(ie d(a
b
))After the extracting phase the MU gets the Hamming
distance of a and b
(ie d(a
b
)) (en the MU setsa threshold value thres If d(a
b
)ge thres the interestedimage stored on the CS does not match the MUrsquos re-quirement Otherwise the interested image on the CSmatches the MUrsquos requirement
In the above system model the MUrsquos vector a is hidden
in cipherA using the HidingA algorithm which cannot beknown by the CS At the same time the CSrsquos vector b
is
hidden in cipherB using the InjectingB algorithm whichcannot be known by the MU(erefore NLPAS can achievethe privacy-preserving goal described in Section 1
In the above systemmodel the CSrsquos vector bis hidden in
cipherB using the InjectingB algorithm which cannot beknown by the MU (erefore the MU only knows the
Hamming distance between a and b
and does not know b
and the corresponding interested image (erefore NLPAScan achieve the content privacy goal described in Section 1
33 Construction (e construction of NLPAS is a tuple(Init HidingA InjectingB Extra) of probabilistic polyno-mial time algorithms as shown in Figure 2 and the detailsare defined below
SKA PKA1113864 1113865⟵Init(n l) (e MU runs this algorithmfor generating system parameters for NLPAS as followsFirst the MU generates a l-bit prime number w for countingdifferent bits Second the MU generates a large primenumber g with the length 2l + 2 + log2 n as the carrier ofNLPAS (ird the MU generates four sets of positiverandom numbers for hiding g namely P p1 p2 middot middot middot pn1113864 1113865Q q1 q2 middot middot middot qn1113864 1113865 S s1 s2 middot middot middot sn1113864 1113865 and T t1 t2 middot middot middot 1113864
tn where 1113936ni1 pi lt (w minus n)2 1113936
ni1 si lt (w minus n)2 Fourth
the MU computes two sets of bases for hiding vectors asfollows V vi pi1113864 +qig i 1 2 middot middot middot n and U ui si1113864
+ tig i 1 2 middot middot middot n Finally the MU gets SKA
g P Q S T V U1113864 1113865 and PKA wcipherA1113864 1113865⟵HidingA(a
SKA PKA) (e MU runs
this algorithm for hiding the binary vectora
a1 middot middot middot ai middot middot middot an into a ciphertext as follows (e MUcomputes ci vi + w and di ui for each ai 1 in a
Otherwise ci vi and di ui + w (en the MU getscipherA C c111138641113864 c2 middot middot middot cn D d1 d2 middot middot middot dn1113864 1113865
1113864cipherB⟵InjectingB (b
cipherA PKA) (e CSruns this algorithm for injecting the binary vectorb
b1 middot middot middot bi middot middot middot bn into cipherA as follows First the CScomputes ei ci and fi wdi for each bi 1 in b
Oth-
erwise ei wci and fi di Second the CS computes E
1113936ni1 ei and F 1113936
ni1 fi Finally the CS gets cipherB E F
d(a
b
)⟵Extra(cipherB SKA PKA) (e MU runsthis algorithm for extracting the Hamming distance from theupdated ciphertext (ie cipherB) as follows First the MUcomputes J Emodg and K Fmodg Second the MUcomputes X J minus (Jmod(w2))w2 andY K minus (Kmod(w2))w2 (ird the MU computesd(a
b
) X + YIn the above construction NLPAS uses only a few simple
mathematical operations (ie addition subtraction multi-plication division and modulo operations) instead of time-consuming cryptographic operations such as modular ex-ponentiation (erefore it enjoys high efficiency We willfurther evaluate the efficiency of NLPAS in Section 5
4 Security Analysis
In this section we first show that NLPAS is correct and thenanalyze the security of NLPAS according to the securityrequirements described in Section 1 (ie privacy preservingcontent privacy and auditing)
41 Correctness In the construction in Section 33 we use X
for counting the bits where ai 1 and bi 0 Similarly weuse Y for counting the bits where ai 0 and bi 1
6 Security and Communication Networks
(erefore the Hamming distance of a and b
can be
computed as d(a
b
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
) X + YIn this section we shall show that X can really be used
for counting the bits where ai 1 and bi 0 And themeaning of Y can be analyzed in a similar way
We start analyzing the meaning of X from the variable ei
as follows First according to the InjectingB algorithm ei
can be written as
ei ci bi 1
wci bi 01113896 (4)
Second taking the value of ci in the HidingA algorithminto consideration ei can be further written as
ei
vi + w ai 1 bi 1( 1113857
vi ai 0 bi 1( 1113857
w vi + w( 1113857 ai 1 bi 0( 1113857
wvi ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(5)
(ird taking the value of vi in the Init algorithm intoconsideration ei can be written as
ei
pi + qig + w ai 1 bi 1( 1113857
pi + qig ai 0 bi 1( 1113857
w pi + qig + w( 1113857 ai 1 bi 0( 1113857
w pi + qig( 1113857 ai 0 bi 0( 1113857
⎧⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎩
(6)
Fourth considering all the four conditions (ie(ai 1 bi 1) (ai 1 bi 0) (ai 0 bi 1) and(ai 0 bi 0)) together we can compute
E 1113944n
i1ei 1113944
ai1bi1pi + qig + w( 1113857 + 1113944
ai1bi0w pi + qig + w( 1113857( 1113857
+ 1113944ai0bi1
pi + qig( 1113857 + 1113944ai0bi0
w pi + qig( 1113857( 1113857
1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
piw⎛⎝ ⎞⎠ + 1113944
ai0bi1pi
+ 1113944bi1
qi + 1113944bi0
wqi⎛⎝ ⎞⎠g
(7)
Fifth since the length of w is l-bit the length of(1113936(ai1bi0)1)w2 should be no more than log2 n + 2l Since1113936
ni1 pi lt (w minus n)2 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
should be nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi
should be no more than l minus 1 (erefore the length of(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
should be no more than log2 n + 2l + 2 (at is to say(1113936(ai1bi0)1)w2 + (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltg So we get
J Emodg 1113944ai1bi0
1⎛⎝ ⎞⎠w2
+ 1113944ai1bi1
1 + 1113944bi0
pi⎛⎝ ⎞⎠w
+ 1113944ai0bi1
pi
(8)
Sixth since the length of (1113936(ai1bi1)1 + 1113936bi0pi)w is nomore than 2l minus 1 and the length of 1113936(ai0bi1)pi is no morethan l minus 1 the length of (1113936(ai1bi1)1 + 1113936bi0pi)w
+1113936(ai0bi1)pi is no more than 2l minus 1 (at is to say
The initialization phase The hiding phase The extracting phase
Procedure init algorithmInput vector length (n)security strength (l)Output public parameter(PKA) private parameter(SKA)Step 1 MU generates twoprimes w and дStep 2 MU randomlygenerates four setsP = p1 p2 pnQ = q1 q2 qnS = s1 s2 sn andT = t1 t2 tnStep 3 MU computesV = vi = pi + qi д i =1 2 n and U = ui =si + ti д i = 1 2 nStep 4 MU getsSKA = д P Q S T V Uand PKA = wend procedure Initalgorithm
Procedure hiding A algorithmInput vector (a) parameters (PKA andSKA)Output cipher AStep 1 for each ai ∊ a if ai = 1 MUcomputes ci = vi + w and di = ui Otherwise MU computes ci = vi anddi = ui + w
procedure Injecting B algorithmInput vector (b) cliphertext (cipher A)parameter (PKA)Output cipher BStep 1 for each bi ∊ b if bi = 1 CScomputes ei = ci and fi = wdi Otherwise CS computes ei = wci andfi = di
Step 2 MU gets cipher A = C =c1 c2 cn D = d1 d2 dnend procedure Hiding A algorithm
Step 2 CS computes E = sumni=1 ei and
F = sumni=1 fi and cipher B = E F
end procedure Injecting B algorithm
Procedure extra algorithmInput ciphertext (cipher B)parameters (PKA and SKA)Output d(a b)Step 1 MU computesJ = E mod д and K = F mod дStep 2 MU computesX = J - (Jmod(w2))w2 and
Y = K - (Kmod(w2))w2Step 3 MU computesd (a b) = X + Yend procedure Extra algorithm
Figure 2 Construction of NLPAS
Security and Communication Networks 7
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
(1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi ltw2 So we getJmod(w2) (1113936(ai1bi1)1 + 1113936bi0pi)w+1113936(ai0bi1)pi
Finally we get
X J minus Jmod w2( 1113857
w2 1113936 ai1bi0( )11113874 1113875w2
w2 1113944ai1bi0
1 (9)
(is is really the total number of bits where ai 1 andbi 0 Similarly we can learn that Y is the total number ofbits where ai 0 and bi 1 (erefore the Hamming dis-tance of a
and bis d(a
b
) X + YFrom the above discussion we can see that the main idea
of privacy-preserving Hamming distance computation in-cludes two points First we hide the information of a
and b
in a big prime g Second the different bits (eg ai 1 andbi 0) are counted in an independent part of E eg(1113936(ai1bi0)1)w2 which can be extracted using severalmodulo operations
42 Privacy Preserving (e privacy-preserving requirementis to ensure that the adversary cannot extract a
or b
transmitted in the hiding phaseWe first consider the privacy-preserving requirement for
a where the adversary can be anybody who is able to getcipherA including the CS
From the HidingA algorithm defined in Section 33 itcan be seen that ai isin a
is hidden in ci and di Since pi qi siti and g are random numbers known only by theMU ci anddi are random numbers too
Moreover since the length of g is much longer than pisi and w the lengths of ci and di are determined by qig andtig Since qi and ti are random numbers the lengths of ci anddi are randomly determined by qi and ti regardless of thevalue of ai (ie 0 or 1) (erefore for ai 1 (ieci vi + w pi + qig + w) and aj 0 (iecj vj pj + qjg) it may be ci lt cj Similarly for ai 1 andaj 0 it may be di gt dj (at is to say the set of ci and di
including w may or may not be bigger than the set of ci anddi without w So the adversary cannot get the value of ai
from ci and di by determining that a bigger random ci
represents 1 or a smaller random di represents 1 In otherwords without knowing the set of random secrets(pi qi si ti g) the adversary can extract ai from ci or di onlywith a negligible probability
Furthermore if the length of a is n the probability that
the adversary can get a is (12)n
We then consider the privacy-preserving requirementfor b where the adversary can be anybody who is able to get
cipherB including the MUFrom the InjectingB algorithm defined in Section 33 it
can be seen that bi is hidden in E and F using the additionoperations Knowing the result of addition the adversarycan extract bi only with a negligible probability (ereforethe privacy of b
is ensured by the addition operation
Moreover assuming the MU is the adversary who wantsto extract b
from cipherB E F the MU has to solve the
two equations E (1113936(ai1bi0)1)w2+ (1113936(ai1bi1)1+
1113936bi0pi)w+1113936(ai0bi1)pi + (1113936(bi1)qi + 1113936bi0wqi)g and F
(1113936(ai0bi1)1)w2 + (1113936(ai0 bi 0)1 + 1113936bi1si)w+1113936(ai1bi0)
si + (1113936(bi0)ti + 1113936bi1wti)g Since the MU knows(pi qi si ti g w) these two equations can be treated astwo linear equations with n unknown numbers (ie(b1 middot middot middot bn)) (erefore when ngt 2 there are a number ofsolutions for them In addition for n-bit b
the number of
solutions is (12)n(at is to say the probability that theMUcan extract b
from cipherB (E F) is (12)n
From the above discussion it can be seen that the ad-versary cannot extract a
or b
transmitted in the hidingphase (erefore NLPAS can achieve the privacy-preservinggoal
43 Content Privacy (e content privacy requirement is toensure that the adversary cannot extract content of theinterested image stored on the CS from cipherB(e contentof the interested image is included in b
Since the adversary
cannot extract b
from cipherB as shown in the previoussubsection the content of the interested image stored on theCS cannot be extracted (erefore NLPAS can achieve thecontent privacy goal
44 Auditing (e auditing requirement is to ensure that theMU can determine whether the content in the image storedon the CS meets the MUrsquos requirement (is is ensured bythe Hamming distance If the Hamming distance of a
and b
is smaller than the threshold the MU can determine that thecontent in the image is the one heshe needs Otherwise thecontent in the image is not needed by theMUMoreover thecorrectness of Hamming distance computation is ensured inSection 41
5 Efficiency Evaluation
As shown in Section 3 NLPAS includes two parts featureextracting using the binary convolutional neural networkand similarity computation using the privacy-preservingHamming distance (erefore we mainly evaluate thecomputation costs consumed in these two parts Moreoverfor the feature extracting part we will evaluate the accuracyof the trained model (ie mode)
51 Accuracy To provide a benchmark of efficiency eval-uation we used the MNIST data set [45] and LeNet [46] forcomparing the accuracy of the binary convolutional neuralnetwork with that of the full-precision convolutional neuralnetwork
MNIST [45] is a data set of handwritten digits whichcontains a training set of 60000 examples and a test set of10000 examples And all examples in the training and testdata sets are 28 times 28 binary images
LeNet [46] is a convolutional neural network with threeconvolutional layers two subsampling layers two fullconnection layers an input layer and an output layer
8 Security and Communication Networks
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
For implementation we used the BMXnet [47] whichprovided basic binarization operations for convolutionalneural networks After experimentation we got the results asshown in Table 3
From Table 3 it can be seen that
(1) (e accuracy of the binary LeNet is slightly lowerthan that of the full-precision LeNet (e accuracyreduced by using the binary LeNet is around099 minus 097099 asymp 2
(2) (emodel size of the binary LeNet ismuch lower thanthat of the full-precision LeNet(ememory saved bybinary LeNet is around 46 minus 0246 asymp 957
In other words by using the binary convolutional neuralnetwork instead of the traditional full-precision convolu-tional neural network the accuracy is only slightly reducedbut the memory is largely saved (erefore the binaryconvolutional neural network is quite suitable for the mobilecrowdsourcing network where mobile devices are withlimited storage resources (e above evaluation shows thatNLPAS fulfills the fifth requirement listed in Section 1 (iethe accuracy requirement)
52 Computation Costs (e computation cost of NLPASincludes the time cost consumed by the binary LeNet modeland those consumed by mathematical operations To testthese time costs we conducted our experiment on a laptopwith an Intel i7-4770hq processor and an ubuntu-1804operating system (en we used OPENSSL [48] as thecryptographic library
For the binary LeNet we take the features extracted bythe last full-connection layer as the input vectors (ie a
andb) (erefore the vector length is n 84 [46] To provide a
basic security level we set l 256 and the length of g islog2 n + 2l + 2 521 To make sure 1113936
ni1 pi lt (w minus n)2 and
1113936ni1 si lt (w minus n)2 we set the lengths of pi and si to be 500
bit (en we set the lengths of qi and ti to be 683 bit so thatthe lengths of vi and ui are around 1024 bit
After the initial settings we can count the mathematicaloperations in the hiding and extracting phases as listed inTable 4 From Table 4 it can be seen that all mathematicaloperations are run over 1024 bit and 512 bit fields
(en we tested the time costs consumed by thesemathematical operations on the above laptop and the av-erage results of running them for 1000000 times are shownin Table 5 From Table 5 it can be seen that the time costs ofmathematical operations are at the μs level
Taking the results in Table 5 into Table 4 we can get thecomputation costs of algorithms in NLPAS as shown inTable 6 From Table 6 it can be seen that the computationcost of mathematical operations on the MU (ie time costsof HidingA and Extra) is much lower than that on the CS(ie InjectingB) (erefore NLPAS is suitable for mobilecrowdsourcing networks where MU is with limited com-putation resources
(e time costs of the binary LeNet and the full-precisionLeNet are shown in Table 7 where the results are averagevalues of running the feature extracting process for 1000000
times From Table 7 it can be seen that the computation costof feature extracting in NLPAS can be largely reduced byusing the binary convolutional neural network instead of thefull-precision convolutional neural network
(e above evaluation shows that NLPAS fulfills thefourth requirement listed in Section 1 (ie the computationcost requirement)
53 Implementation of NLPAS To make sure that NLPAScan work well we implemented it In our experimentalenvironment there were one laptop and one computer (elaptop acts as the MU and the computer acts as the CS (eresult shows that the total running time in the auditingprotocol is approximately 03ms (erefore NLPAS isfeasible for being deployed in the real world
6 Conclusions
In this paper we have proposed a noninteractive lightweightprivacy-preserving auditing protocol on images in mobilecrowdsourcing networks called NLPAS NLPAS allows the
Table 3 Accuracy comparison
Accuracy Model sizeBinary LeNet 097 02MBFull-precision LeNet 099 46MB
Table 4 Number of mathematical operations in NLPAS
HidingA InjectingB Extra+ (1024 minus bit) 84 166 0times (1024 minus bit) 0 84 0mod (1024 minus bit) 0 0 2mod (512 minus bit) 0 0 2divide (512 minus bit) 0 0 2minus (512 minus bit) 0 0 2+ (512 minus bit) 0 0 2
Table 5 Time costs of mathematical operations (unit μs)
+ (1024 minus bit) 022times (1024 minus bit) 169mod (1024 minus bit) 219mod (512 minus bit) 098divide (512 minus bit) 103minus (512 minus bit) 016+ (512 minus bit) 014
Table 6 Computation costs of algorithms in NLPAS (unit μs)
HidingA InjectingB Extra1848 17848 900
Table 7 Computation costs of algorithms in NLPAS (unit μs)
Binary LeNet Full-precision LeNet566 14352
Security and Communication Networks 9
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
mobile user to audit images stored on the crowdsourcingserver without downloading them Moreover to achievehigh efficiency this paper introduced the binary convolu-tional neural network technique to the newly proposedauditing protocol and designed a novel privacy-preservingHamming distance computation algorithm using basicmathematical operations Experimental results show thatNLPAS is feasible for real-world applications
In this paper we mainly focused on the privacy-pre-serving issue of the newly designed auditing protocol formobile crowdsourcing networks However several moreissues are to be addressed in the future First NLPAS doesnot consider the integrity of transmitted messages (ere-fore a new security protocol is needed to prevent thesemessages from being tampered by adversaries SecondNLPAS used the binary convolutional neural network forextracting a binary vector from images However in manyscenarios feature vectors may be extracted using full-pre-cision neural networks which are not binarized(erefore anew technique is needed to convert the full-precision featurevector to a binarized one To address these issues futureworks are needed
Data Availability
(e data used to support the findings of this study areavailable at httpyannlecuncomexdbmnist
Conflicts of Interest
(e authors declare that there are no conflicts of interestregarding the publication of this paper
Acknowledgments
(is paper was supported by the NSFC (nos 71402070 and61101088) the NSF of Jiangsu Province (no BK20161099)and the Jiangsu Provincial Key Laboratory of ComputerNetwork Technology
References
[1] J Howe ldquo(e rise of crowdsourcingrdquo Wired Magazinevol 14 no 6 pp 1ndash4 2006
[2] D He M S Chan and M Guizani ldquoUser privacy and datatrustworthiness in mobile crowd sensingrdquo IEEE WirelessCommunications vol 22 no 1 pp 28ndash34 2015
[3] W Feng Z Yan H Zhang et al ldquoA survey on securityprivacy and trust in mobile crowdsourcingrdquo IEEE Internet ofings Journal vol 5 no 4 2017
[4] L R Varshney ldquoPrivacy and reliability in crowdsourcingservice deliveryrdquo in Proceedings of the 2012 Annual SRIIGlobal Conference San Jose CA USA July 2012
[5] J Ren Y Zhang K Zhang and X Shen ldquoSACRM socialaware crowdsourcing with reputation management in mobilesensingrdquo Computer Communications vol 65 pp 55ndash65 2015
[6] A Etuk T J Norman C Bisdikian and M Srivatsa ldquoA trustassessment framework for inferencing with uncertainstreaming informationrdquo in Proceedings of the 2013 IEEE In-ternational Conference on Pervasive Computing and
Communications Workshops (PERCOMrsquo2013) pp 475ndash480San Diego CA USA March 2013
[7] R W Ouyang M Srivastava A Toniolo and T J NormanldquoTruth discovery in crowdsourced detection of spatial eventsrdquoIEEE Transactions on Knowledge and Data Engineeringvol 28 no 4 pp 1047ndash1060 2016
[8] B Kantarci and H T Mouftah ldquoTrustworthy crowdsourcingvia mobile social networksrdquo in Proceedings of the 2014 IEEEGlobal Communications Conference pp 2905ndash2910 AustinTX USA December 2014
[9] B Kantarci and H T Mouftah ldquoMobility-aware trustworthycrowdsourcing in cloud-centric internet of thingsrdquo in Pro-ceedings of the 2014 IEEE Symposium on Computers andCommunications (ISCC) pp 1ndash6 Funchal Portugal June2014
[10] S Reddy D Estrin and M Srivastava ldquoRecruitmentframework for participatory sensing data collectionsrdquo inProceedings of the International Conference Pervasive Com-puting (PERVASIVErsquo12) pp 138ndash155 Helsinki Finland May2012
[11] R W Ouyang L M Kaplan A Toniolo M Srivastava andT J Norman ldquoAggregating crowdsourced quantitativeclaims additive and multiplicative modelsrdquo IEEE Transac-tions on Knowledge and Data Engineering vol 28 no 7pp 1621ndash1634 2016
[12] T Kubota and M Aritsugi ldquoHow many ground truths shouldwe insert having good quality of labeling tasks in crowd-sourcingrdquo in Proceedings of the IEEE Conference ComputerSoftware and Applications Conference (COMPSACrsquo15)pp 796ndash805 Taichung Taiwan July 2015
[13] G Wang B Wang T Wang A Nika H Zheng andB Y Zhao ldquoDefending against sybil devices in crowdsourcedmapping servicesrdquo in Proceedings of the 14th Annual Inter-national Conference on Mobile Systems Applications andServicesmdashMobiSysrsquo16 pp 179ndash191 Singapore June 2016
[14] C Prandi S Ferretti S Mirri and P Salomoni ldquoA trust-worthiness model for crowdsourced and crowdsensed datardquoin Proceedings of the Conference TrustcomBigDataSEISPApp 1261ndash1266 Helsinki Finland August 2015
[15] G Drosatos P S Efraimidis I N Athanasiadis E DrsquoHondtandM Stevens ldquoA privacy-preserving cloud computing systemfor creating participatory noise mapsrdquo in Proceedings of theIEEE Annual Conference Computer Software and Applications(COMPSAC) Article ID 581586 Izmir Turkey July 2012
[16] C Meng W Jiang Y Li et al ldquoTruth discovery on crowdsensing of correlated entitiesrdquo in Proceedings of the 13th ACMConference on Embedded Networked SensorSystemsmdashSenSysrsquo15 pp 150ndash163 Seoul South Korea No-vember 2015
[17] T Zhou Z Cai K Wu Y Chen and M Xu ldquoFIDC aframework for improving data credibility in mobile crowd-sensingrdquo Computer Networks vol 120 pp 157ndash169 2017
[18] F G MntherMark and P ManulisAndreas ldquoPrivacy-en-hanced participatory sensing with collusion resistance anddata aggregationrdquo in Proceedings of the Cryptology andNetwork Security (CANSrsquo14) pp 321ndash336 Hong Kong ChinaDecember 2014
[19] G Zhuo Q Jia L Guo M Li and P Li ldquoPrivacy-preservingverifiable data aggregation and analysis for cloud-assistedmobile crowdsourcingrdquo in Proceedings of the Annual IEEEConference Computer Communications (INFOCOMrsquo16)pp 1ndash9 San Francisco CA USA April 2016
[20] S Blasco J Bustos-Jimenez G Font A Hevia and M GraziaPrato ldquoA three-layer approach for protecting smart-citizens
10 Security and Communication Networks
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
privacy in crowdsensing projectsrdquo in Proceedings of the In-ternational Conference of the Chilean Computer Science So-ciety (SCCCrsquo15) pp 1ndash5 Santiago Chile November 2015
[21] C Miao W Jiang L Su et al ldquoCloud-enabled privacy-preserving truth discovery in crowd sensing systemsrdquo inProceedings of the 13th ACM Conference on Embedded Net-worked Sensor SystemsmdashSenSysrsquo15 pp 183ndash196 Seoul SouthKorea November 2015
[22] J Chen H Ma and D Zhao ldquoPrivate data aggregation withintegrity assurance and fault tolerance for mobile crowd-sensingrdquo Wireless Networks vol 23 no 1 pp 131ndash144 2015
[23] S Wang L Huang M Tian W Yang H Xu and H GuoldquoPersonalized privacy-preserving data aggregation for histo-gram estimationrdquo in Proceedings of the IEEE ConferenceGlobal Communications (GLOBECOMrsquo15) pp 1ndash6 SanDiego CA USA December 2015
[24] L R Varshney A Vempaty and P K Varshney ldquoAssuringprivacy and reliability in crowdsourcing with codingrdquo inProceedings of the Information eory and ApplicationsWorkshop (ITArsquo14) pp 1ndash6 San Diego CA USA February2014
[25] H Jin L Su H Xiao and K Nahrstedt ldquoInceptionrdquo inProceedings of the 17th ACM International Symposium onMobile Ad Hoc Networking and ComputingmdashMobiHocrsquo16pp 341ndash350 Paderborn Germany July 2016
[26] Y Wu Y Wu H Peng H Chen and C Li ldquoMagicrowd acrowd based incentive for location-aware crowd sensingrdquo inProceedings of the IEEE Conference Wireless Communicationsand Networking (WCNCrsquo16) pp 1ndash6 Doha Qatar April2016
[27] L Pournajaf L Xiong and V Sunderam ldquoDynamic datadriven crowd sensing task assignmentrdquo Procedia ComputerScience vol 29 pp 1314ndash1323 2014
[28] L Pournajaf L Xiong V Sunderam and S GoryczkaldquoSpatial task assignment for crowd sensing with cloaked lo-cationsrdquo in Proceedings of the IEEE International ConferenceMobile Data Management (MDMrsquo14) pp 73ndash82 BrisbaneAustralia July 2014
[29] H To G Ghinita and C Shahabi ldquoA framework for pro-tecting worker location privacy in spatial crowdsourcingrdquoProceedings of the VLDB Endowment vol 7 no 10pp 919ndash930 2014
[30] L Zhang X Lu P Xiong and T Zhu ldquoA differentially privatemethod for reward-based spatial crowdsourcingrdquo in Pro-ceedings of the Springer International Conference Applicationsand Techniques in Information Security (ATISrsquo14) pp 153ndash164 Melbourne Australia November 2015
[31] D Christin F Engelmann and M Hollick ldquoUsable privacyfor mobile sensing applicationsrdquo in Proceedings of the In-ternational Workshop On Information Security eory AndPractice (WISTPrsquo14) pp 92ndash107 Heraklion Greece 2014
[32] I Krontiris and T Dimitriou ldquoPrivacy-respecting discoveryof data providers in crowd-sensing applicationsrdquo in Pro-ceedings of the IEEE International Conference DistributedComputing in Sensor Systems (DCOSSrsquo13) pp 249ndash257Cambridge MA USA May 2013
[33] J Ren Y Zhang K Zhang and X Shen ldquoExploiting mobilecrowdsourcing for pervasive cloud services challenges andsolutionsrdquo IEEE Communications Magazine vol 53 no 3pp 98ndash105 2015
[34] Y Gong L Wei Y Guo C Zhang and Y Fang ldquoOptimaltask recommendation for mobile crowdsourcing with privacycontrolrdquo IEEE Internet of ings Journal vol 3 no 5pp 745ndash756 2016
[35] Y Gong Y Guo and Y Fang ldquoA privacy-preserving taskrecommendation framework for mobile crowdsourcingrdquo inProceedings of the IEEE Confrence Global CommunicationsConference (Globecomrsquo14) pp 588ndash593 Austin TX USADecember 2014
[36] H Ma E X Huang and K-Y Lam ldquoBlockchain-basedmechanism for fine-grained authorization in data crowd-sourcingrdquo Future Generation Computer Systems vol 106pp 121ndash134 2020
[37] C Lin D He S Zeadally et al ldquoSecBCS a secure and privacy-preserving blockchain-based crowdsourcing systemrdquo ScienceChina-Information Sciences vol 63 no 3 2020
[38] H Wu L Wang and X Guoliang ldquoPrivacy-aware task al-location and data aggregation in fog-assisted spatial crowd-sourcingrdquo IEEE Transactions on Network Science andEngineering vol 7 no 1 pp 589ndash602 2020
[39] D Belli S Chessa B Kantarci et al ldquoToward fog-basedmobile crowdsensing systems state of the art and opportu-nitiesrdquo IEEE Communications Magazine vol 57 no 12pp 78ndash83 2019
[40] W Liu X Wang and W Peng ldquoSecure remote multi-factorauthentication scheme based on chaotic map zero-knowledgeproof for crowdsourcing internet of thingsrdquo IEEE Accessvol 8 pp 8754ndash8767 2020
[41] H Qin R Gong X liu X Bai J Song and N Sebe ldquoBinaryneural networks a survey pattern recognitionrdquo 2020
[42] M Norouzi D J Fleet and R Salakhutdinov HammingDistance Metric Learning Neural Information ProcessingSystems Curran Associates Inc Red Hook NY USA 2012
[43] M Rastegari V Ordonez J Redmon et al ldquoXNOR-netimagenet classification using binary convolutional neuralnetworksrdquo in Proceedings of the European Conference onComputer Vision Springer Amsterdam Netherlands 2016
[44] Y Bengio N Leonard and A Courville ldquoEstimating orpropagating gradients through stochastic neurons for con-ditional computationrdquo 2013 httpsarxivorgabs13083432
[45] Y LeCun ldquo(e MNIST databse of handwritten digitsrdquo 1998httpsyannlecuncomexdbmnist
[46] Y Lecun Y Bengio and P Haffner ldquoGradient-based learningapplied to document recognitionrdquo Proceedings of the IEEEvol 86 no 11 pp 2278ndash2324 1998
[47] Hasso Plattner Institute ldquoXnor enhanced neural netsrdquo 2019httpsgithubcomhpi-xnor
