A novel dual cloud server privacy-preserving scheme in spatial crowdsourcing

Abstract

As a service for the public, the issue of location leakage in spatial crowdsourcing has attracted extensive attention from researchers and institutions in recent years. Facing this challenge, several encryption-based schemes have been proposed to protect participants' location information from untrusted cloud servers. However, these schemes mainly target insider threats but ignore the collusion problem between dishonest users and cloud servers. In this paper, we define the problem of Brute-Force Attack under collusion between dishonest users and cloud servers and find that there is no solution that can both guarantee efficient task assignment and address this attack. To fill this gap, we propose a novel dual cloud server privacy-preserving scheme. First, utilizing the GeoHash encoding algorithm, we design a grid-based index tree structure and a task assignment method called Locate-then-Find to achieve faster-than-linear assignment efficiency. Considering that traditional system models fail to address the problem of Brute-Force Attack while ensuring efficiency, we then design a dual cloud server system model, and propose a multi-user Two-Step Location Encryption scheme to protect participants' locations. In our model, both high efficiency and high security are promised. Security analysis demonstrates that our scheme is provably secure in the random oracle model and resistant to the Brute-Force Attack. In the experimental analysis, we first evaluate the resistance of existing grid-based schemes against the Brute-Force Attack, and subsequently demonstrate the performance of our scheme on a real-world dataset. The final comparison experiments show that our scheme exhibits superior performance under the same security conditions.