logo

SCIENCE CHINA Information Sciences, Volume 63 , Issue 3 : 130102(2020) https://doi.org/10.1007/s11432-019-9893-2

SecBCS: a secure and privacy-preserving blockchain-based crowdsourcing system

More info
  • ReceivedFeb 27, 2019
  • AcceptedMay 14, 2019
  • PublishedFeb 11, 2020

Abstract

A robust and scalable crowd management infrastructure is crucial in addressing operational challenges when deploying high-density sensors and actuators in a smart city. While crowdsourcing is widely used in crowd management, conventional solutions, such as Upwork and Amazon Mechanical Turk, generally depend on a trusted third-party platform. There exist several potential security concerns (e.g., sensitive leakage, single point of failure and unfair judgment) in such a centralized paradigm. Hence, a recent trend in crowdsourcing is to leverage blockchain (a decentralized ledger technology) to address some of the existing limitations. A small number of blockchain-based crowdsourcing systems (BCSs) with incentive mechanisms have been proposed in the literature, but they are generally not designed with security in mind. Thus, we study the security and privacy requirements of a secure BCS and propose a concrete solution (i.e., SecBCS) with a prototype implementation based on JUICE.


Acknowledgment

This work was supported in part by National Key Research and Development Program of China (Grant No. 2018YFC1604004), National Natural Science Foundation of China (Grant Nos. 61572379, 61772377, 61841701), and Natural Science Foundation of Hubei Province of China (Grant Nos. 2017CFA007, 2015CFA068). The last author is supported by Cloud Technology Endowed Professorship. We thank the anonymous reviewers for their valuable comments and feedback which helped us to improve the content and presentation of this paper.


References

[1] Su K, Jie L, Fu H. Smart city and the applications. In: Proceedings of International Conference on Electronics, Ningbo, 2011. 1028--1031. Google Scholar

[2] Zanella A, Bui N, Castellani A. Internet of Things for Smart Cities. IEEE Internet Things J, 2014, 1: 22-32 CrossRef Google Scholar

[3] Li M, Weng J, Yang A. CrowdBC: A Blockchain-Based Decentralized Framework for Crowdsourcing. IEEE Trans Parallel Distrib Syst, 2019, 30: 1251-1266 CrossRef Google Scholar

[4] Lu Y, Tang Q, Wang G. Zebralancer: private and anonymous crowdsourcing system atop open blockchain. In: Proceedings of the 38th IEEE International Conference on Distributed Computing Systems, Vienna, 2018. 853--865. Google Scholar

[5] Buccafurri F, Lax G, Nicolazzo S, et al. Tweetchain: an alternative to blockchain for crowd-based applications. In: Proceedings of the 17th International Conference on Web Engineering, Rome, 2017. 386--393. Google Scholar

[6] Ben-Sasson E, Chiesa A, Genkin D, et al. Snarks for C: verifying program executions succinctly and in zero knowledge. In: Proceedings of Advances in Cryptology-CRYPTO, California, 2013. 90--108. Google Scholar

[7] McInnis B, Cosley D, Nam C, et al. Taking a HIT: designing around rejection, mistrust, risk, and workers' experiences in amazon mechanical turk. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, California, 2016. 2271--2282. Google Scholar

[8] Salehi N, Irani L C, Bernstein M S, et al. We are dynamo: overcoming stalling and friction in collective action for crowd workers. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, Seoul, 2015. 1621--1630. Google Scholar

[9] Li Q, Cao G. Providing efficient privacy-aware incentives for mobile sensing. In: Proceedings of IEEE 34th International Conference on Distributed Computing Systems, Madrid, 2014. 208--217. Google Scholar

[10] Rahaman S, Cheng L, Yao D D. Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation. Proc Privacy Enhancing Technologies, 2017, 2017(4): 384-403 CrossRef Google Scholar

[11] Gisdakis S, Giannetsos T, Papadimitratos P. Security, Privacy, and Incentive Provision for Mobile Crowd Sensing Systems. IEEE Internet Things J, 2016, 3: 839-853 CrossRef Google Scholar

[12] Tanas C, Delgado-Segura S, Herrera-Joancomart'ı J. An integrated reward and reputation mechanism for MCS preserving users' privacy. In: Proceedings of the 10th International Workshop and the 4th International Workshop, Vienna, 2015. 83--99. Google Scholar

[13] Muehlemann A. Sentiment protocol: A decentralized protocol leveraging crowd sourced wisdom. 2017,. arXiv Google Scholar

[14] Lin C, He D, Huang X, et al. A new transitively closed undirected graph authentication scheme for blockchain-based identity management systems. IEEE Access, 2018, 6: 28203--28212. Google Scholar

[15] Feng Q, He D, Zeadally S. A survey on privacy protection in blockchain system. J Network Comput Appl, 2019, 126: 45-58 CrossRef Google Scholar

[16] Lin C, He D B, Huang X Y, et al. Blockchain-based system for secure outsourcing of bilinear pairings. Inf Sci, 2018. doi: 10.1016/j.ins.2018.12.043. Google Scholar

[17] Veeningen M. Pinocchio-based adaptive zk-SNARKs and secure/correct adaptive function evaluation. In: Proceedings of the 9th International Conference on Cryptology, Senegal, 2017. 21--39. Google Scholar

[18] Kosba A, Miller A, Shi E, et al. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In: Proceedings of the 37th IEEE Symposium on Security and Privacy, California, 2016. 839--858. Google Scholar

[19] Christidis K, Devetsikiotis M. Blockchains and Smart Contracts for the Internet of Things. IEEE Access, 2016, 4: 2292-2303 CrossRef Google Scholar

[20] Zhang Y, Wen J. The IoT electric business model: Using blockchain technology for the internet of things. Peer-to-Peer Netw Appl, 2017, 10: 983-994 CrossRef Google Scholar

[21] Parizi R M, Dehghantanha A, Choo K K R, et al. Empirical vulnerability analysis of automated smart contracts security testing on blockchains. In: Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering, Markham, 2018. 103--113. Google Scholar

[22] Luu L, Chu D H, Olickel H, et al. Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, New York, 2016. 254--269. Google Scholar

[23] Mavridou A, Laszka A. Designing secure ethereum smart contracts: A finite state machine based approach. 2017,. arXiv Google Scholar

[24] Parizi R M, Singh A, Dehghantanha A. Smart contract programming languages on blockchains: an empirical evaluation of usability and security. In: Proceedings of the 1st International Conference on Blockchain Blockchain, Washington, 2018. 75--91. Google Scholar

[25] Chaum D, van Heyst E. Group signatures. In: Proceedings of Advances in Cryptology-EUROCRYPT, Brighton, 1991. 257--265. Google Scholar

[26] Ho T H, Yen L H, Tseng C C. Simple-Yet-Efficient Construction and Revocation of Group Signatures. Int J Found Comput Sci, 2015, 26: 611-624 CrossRef Google Scholar

[27] Waters B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: Proceedings of 14th International Conference on Practice and Theory in Public Key Cryptography, Taormina, 2011. 53--70. Google Scholar

[28] Daemen J, Rijmen V. The Design of Rijndael: AES - The Advanced Encryption Standard. Berlin: Springer, 2002. Google Scholar

[29] Poulpita. Trusted execution environment, millions of users have one, do you have yours?, 2017. https://poulpita.com/2014/02/18/trusted-execution-environment-do-you-have-yours/. Google Scholar

[30] Lin C, He D, Huang X. BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0. J Network Comput Appl, 2018, 116: 42-52 CrossRef Google Scholar

[31] Castro M, Liskov B. Practical byzantine fault tolerance. In: Proceedings of the Third USENIX Symposium on Operating Systems Design and Implementation, Louisiana, 1999. 173--186. Google Scholar

[32] Ongaro D, Ousterhout J. In search of an understandable consensus algorithm. In: Proceedings of 2014 USENIX Annual Technical Conference, Philadelphia, Pennsylvania, 2014. 305--319. Google Scholar

  • Figure 1

    (Color online) Architecture of a typical blockchain-based crowdsourcing system (BCS).

  • Figure 2

    The structure of a request transaction.

  • Figure 3

    Deployment of publishing a crowdsourcing task.

  • Figure 4

    Procedure for executing a crowdsourcing task.

  • Figure 5

    (Color online) Variation of the average time cost with the number of concurrent transactions.

  •   

    Algorithm 1 Part 1 — smart contract on CST

    t

    Require: Function name, invoked parameters; Ensure: Setting up functions: structure CSTask % The structure of a crowdsourcing task.

    function sf CST) % Constructor, automatically invoked when this contract is deployed.

    function payable sf uploadTaskhashVerifyCode, predicate, encTask, taskPrice) % A conditional function invoked by the user to upload a crowdsourcing task by paying the claimed reward.

    function public sf uploadPKtaskID, publicKey, encKey) % Invoked by a user to upload the TEE's chosen public key.

    function public sf getTaskattributes) % Invoked by the worker to obtain a crowdsourcing task.

    function public sf executeTasktaskID, vSig, encResult) % Invoked by the worker to upload the result and obtain the reward.

    taskID; % Identity of a task

    predicate; % Predicate in the attribute-based encryption

    ${\rm~hash}_{\rm~vc}$; % Hash of the crowdsourcing verification procedure

    ${\rm~enc}_t$; % Ciphertext of task under attribute-based encryption

    reward; % Reward of executing the task

    ${\rm~pk}_t$; % Task of unique public key generated by TEE

    ${\rm~enc}_k$; % Ciphertext of the user's symmetric key encrypted by ${\rm~pk}_t$

    ${\rm~enc}_r$; % Ciphertext of the task result encrypted by user's symmetric key

    state; % Task state represents whether it has been executed or not

    Algorithm 2

    CSTask public task;

    CSTask tmpTask;

    Algorithm 3

    (msg.value = taskPrice); % Consistency requirement of payment.

    tmpTask.taskID = sf random);

    tmpTask.predicate = predicate;

    ${\rm~tmpTask.hash}_{\rm~vc}~=~{\rm~hashVerifyCode}$;

    ${\rm~tmpTask}.{\rm~enc}_t~=~{\rm~encTask}$;

    ${\rm~tmpTask.state~=~false}$;

    ${\rm~task.push(tmpTask)}$;

    return tmpTask.taskID;

    Algorithm 4

    $r~=~{\sf~Find}$(taskID);

    ${\rm~task}[i].{\rm~pk}_t~=~{\rm~publicKey}$;

    ${\rm~task}[i].{\rm~enc}_k~=~{\rm~encKey}$;

    Algorithm 5

    ${\rm~CSTask}~[]$ public tmp;

    $i~=~0$;

    while $i~<~$ task.length do

    if ${\rm~task}[i].{\rm~state}~==~{\rm~false}$ and attributes meet ${\rm~task}[i].{\rm~predicate}$ then

    ${\rm~tmp.push(task}[i])$;

    end if

    $i++$;

    end while

    return tmp;

    Algorithm 6

    $r={\sf~Find}$(taskID);

    if vSig is valid and the claimed result is true then

    ${\rm~task}[r].{\rm~state~=~true}$;

    ${\rm~task}[r].{\rm~encr~=~encResult}$;

    ${\rm~msg.sender.transfer(task}[r].{\rm~taskPrice})$;

    else

    ${\rm~task}[r].{\rm~state~=~false}$;

    end if

  • Table 1   Comparison between our proposal with other crowdsourcing systems
    Feature SecBCS (proposed) AMT$^{6)}$ Dynamo[8] CrowdBC[3]ZebraLancer[4]
    Data confidentiality $\surd$ $\times$ $\times$ $\times$ $\surd$
    User anonymity $\surd$ $\times$ $\surd$ $\times$ $\surd$
    Traceability $\surd$$\surd$ $\surd$ $\surd$ $\times$
    Secure deployment $\surd$ $\times$ $\times$
    Fair judgment $\surd$ $\times$ $\times$ $\surd$ $\surd$
    Reliability $\surd$ $\times$ $\times$ $\surd$ $\surd$
  • Table 2   Testing platform information
    Operating system Ubuntu 16.04
    CPU Intel (R) core (TM) i7-6700 CPU @3.40 GHz
    Memory 3 GB RAM
    Configuration Naginx-1.11.3; truffle-4.1.13; JUICE-client
  •   

    Algorithm 7 Part 2 — smart contract on CST

    t

    function public sf getHCtaskID) % Invoked by the user to gain hash of the crowdsourcing verification procedure.

    function public sf getResulttaskID) % Invoked by the user to obtain the task results.

    function public sf getKtaskID) % Invoked by the user to obtain the ciphertext of the user's symmetric key.

    $r={\sf~Find}$(taskID);

    return ${\rm~task}[r].{\rm~hash}_{\rm~vc}$;

    Algorithm 8

    $r={\sf~Find}$(taskID);

    return ${\rm~task}[r].{\rm~enc}_r$;

    Algorithm 9

    $r={\sf~Find}$(taskID);

    return ${\rm~task}[r].{\rm~enc}_k$;

  • Table 3   Smart contract gas cost (gas price = 2 Gwei, 1 ether = 122.22 USD)
    Operation Gas used Actual cost (ether) USD
    sf publishing 1119349 0.002238698 0.2736
    sf uploadTask 275879 0.000551758 0.0674
    sf uploadPK 27041 0.000054082 0.0066
    sf getTask 23277 0.000046554 0.0057
    sf getHC 243877 0.000048774 0.0060
    sf getK 24343 0.000048686 0.0060
    sf getResult 24409 0.000048818 0.0060
    sf executeTask 42469 0.000084938 0.0104

Copyright 2020  CHINA SCIENCE PUBLISHING & MEDIA LTD.  中国科技出版传媒股份有限公司  版权所有

京ICP备14028887号-23       京公网安备11010102003388号