A Security and Privacy-Preserving Consortium Blockchain-Based Accessing Control in Mobile Crowdsensing

Abstract

In current mobile crowdsensing (MCS) systems, very little attention is given to
the security risks related to accessing the profile records (PR) of participating mobile devices.
Many existing studies assume that MCS stakeholders are fully trusted, giving them unrestricted
authorization to access device PR for collecting sensing data. This trust can be exploited by
attackers, who may create fake applications that appear as legitimate MCS services to request
access to targeted devices. As a result, hackers can obtain full authorized access to PR, leading to
the exposure of sensitive security and privacy information. To address this issue, blockchain is
suggested as a suitable solution due to its immutability. However, since blockchain is
decentralized, a malicious MCS server could still link multiple blocks from the same device and
reveal user privacy. Therefore, this work proposes a consortium blockchain based access control
system to protect the privacy of participating mobile devices. Additionally, a searchable keyword
encryption method is introduced to connect the consortium blockchain with a privacy
blockchain, enhancing security and access control. Finally, security analysis and performance
evaluation are carried out to demonstrate the effectiveness of the proposed protocol.