A Security and Privacy-Preserving Consortium Blockchain-Based Accessing Control in Mobile Crowdsensing

Abstract

In current mobile crowdsensing (MCS) systems, there is limited attention given to the security threats associated with access to the profile records (PR) of participating mobile devices. For example, most existing studies consider stakeholders of MCS applications as fully trusted entities, which granting them unlimited authorization to access the Participated Mobile Devices’ PR for the purpose of collecting sensing data. From this point, hackers may exploit this trusted point to gain unlimited authorization access to a particular participated mobile devices. They can achieve this by launching attacks, such as creating counterfeit applications as a trusted MCS applications and then posing as legitimate stakeholders to request access to the targeted devices. Thus, the hacker will gain full authorized access to the participating mobile devices’ PR, in which will result in the disclosure of security and privacy-related information of their participated devices. Therefore, the blockchain paradigm is recommended as the optimal solution for ensuring data access, owing to its advantages of immutability. However, because the blockchain is a decentralized database, a malicious MCS-server will be able to disclose the privacy of participating mobile devices by linking multiple blocks generated for the same device while it performs different tasks. Based on the aforementioned issue, this work designs a consortium blockchain-based access control system to protect the privacy rights of participating mobile devices in MCS. Furthermore, an efficient searchable keyword encryption methodology is proposed to link between the consortium blockchain and the privacy blockchain, thereby enhancing system security and access control. Finally, a security analysis and performance evaluation are conducted to demonstrate the efficiency of the proposed protocol.