Privacy-preserving community sensing for medical research with duplicated perturbation

Community sensing is an emerging paradigm that enables the increasing number of mobile device users to share the minute statistics collected by themselves. In particular, this system is expected to be used for medical and public health research studies, as these mobile devices are in close proximity of the users almost at all times. However, since the mobile devices collect users´ sensitive information, a number of privacy concerns will hinder the spread of community sensing applications for medical research. Therefore, we require an environment that enables general users to join community mobile sensing. A widely known technique for preserving privacy in mobile sensing is data perturbation, which adds noises on the user side and allows the central server to reconstruct the statistics of the original data. In this paper, we review a critical vulnerability of state-of-the-art perturbation schemes in which a malicious attacker may restore users´ sensitive information from the perturbed data through long-term monitoring attacks. To overcome such vulnerability, we propose privacy-preserving community sensing with multidimensional randomized response, in which all sensed data are processed twice. Using our scheme, we are able to collect users´ medical information with security. We evaluate how our scheme can preserve privacy while maintaining the data integrity of aggregated information.