On the Security of “P2AE: Preserving privacy, accuracy, and efﬁciency in location-dependent mobile crowdsensing”
Mobile crowdsensing (MCS) is a promising sensing paradigm which allows users to outsource a range of sensing tasks to a crowd of mobile workers with mobile devices. Location-dependent MCS, as the name implies, is a geographically-dependent sensing paradigm in which service requestors outsource location-speciﬁc tasks to many workers with mobile devices, and the workers accepting the tasks collect data at a particular location by physically arriving at the desired locations. Many efforts have been devoted to protecting location privacy of the tasks and the workers accepting the tasks while ensuring task allocation accuracy and efﬁciency. In 2021, Jiang et al. proposed P2AE, a privacy-preserving protocol for location-dependent MCS. To achieve the privacy-preserving task release and task allocation, they designed a location based symmetric key generator, which enables the service requestor and workers with mobile devices in the task area to generate the same key themselves without disclosing the location information to the service provider. The privacy they claimed to achieve includes the locations of workers, task location, and task content. However, in this paper, we demonstrate that P2AE is vulnerable to brute force attacks. Speciﬁcally, we show that with brute force attacks, the service provider can obtain the locations of workers, task location, and task content with a high probability, which completely breaches the security of P2AE. We hope that by identifying the security issue, similar errors can be avoided in future designs of privacy-preserving protocol for location-dependent MCS.
Email Address of Submitting Authorlfucai@126.com
Submitting Author's InstitutionZhejiang Gongshang University
Submitting Author's Country