Privacy-Preserving Data Aggregation in Mobile Phone Sensing

Mobile phone sensing provides a promising paradigm for collecting sensing data and has been receiving increasing attention in recent years. Different from most existing works, which protect participants' privacy by hiding the content of their data and allow the aggregator to compute some simple aggregation functions, we propose a new approach to protect participants' privacy by delinking data from its sources. This approach allows the aggregator to get the exact distribution of the data aggregation and, therefore, enables the aggregator to efficiently compute arbitrary/complicated aggregation functions. In particular, we first present an efficient protocol that allows an untrusted data aggregator to periodically collect sensed data from a group of mobile phone users without knowing which data belong to which user. Assume there are n users in the group. Our protocol achieves n-source anonymity in the sense that the aggregator only learns that the source of a piece of data is one of the n users. Then, we consider a practical scenario where users may have different source anonymity requirements and provide a solution based on dividing users into groups. This solution optimizes the efficiency of data aggregation and meets all users' requirements at the same time.