Preserving query privacy in urban sensing systems

Urban Sensing is an emerging paradigm that combines the ubiquity of smartphones with measurement capabilities of sensor networks. While this concept is still in development, related security and privacy concerns become increasingly more relevant. In this paper, we focus on a number of scenarios where nodes of an Urban Sensing system are subject to individual queries. We address the problem of protecting query privacy (i.e., hiding which node matches the query) and data privacy (i.e., hiding sensed data). We introduce a realistic network model and two novel adversarial models: resident and non-resident adversaries. For each of them, we propose a distributed privacy-preserving technique and evaluate its effectiveness via analysis and simulation. To the best of our knowledge, this is the first attempt to define and address both query and data privacy in the context of Urban Sensing. Our techniques are tunable, trading off the level of privacy assurance with a small overhead increase. We additionally provide a relevant improvement of data reliability and availability, while only relying on standard symmetric cryptography. The practicality of our proposals is demonstrated both analytically and experimentally.