Advanced Hardened Registration Process for Mobile Crowd Sensing

Abstract: Mobile Crowd Sensing (MCS) or Participatory Sensing (PS) are two emerging systems as smart mobile devices become ubiquitous. One of the advantages of such a sensing system is that almost anyone with a mobile device can become a moving "sensor". However, despite the convenience, the openness of such systems is a double-edged sword: participants can misbehave and pose a threat. Usually, current MCS or PS systems are relatively weak and lack effective data sources selection mechanisms. As a result, fake or forged data can be collected, representing wrongly the sensed conditions on the surroundings, i.e. noise, moisture, etc. Therefore, a Hardened Registration Process (HRP) is proposed to provide a pre-examination on participants that are chosen to collect sensing data. There is one previous work on such a topic. It targets device examination (root, emulator, bot-net detection, etc.) for Android devices, preventing attackers from managing to register not actual but emulated devices and thus manage to effectively manipulate the collected data. The focus of this project is on enhancing the previous work and extending it with complementary mechanisms. We proposed a two-step HRP process, comprising a client detection for identifying malicious devices and server-side detection for revealing Sybil devices. We improve the previous HRP by implementing detection mechanisms in C (native) code and such an enhanced device examination process is the first step: client detection. In addition, to detect adversaries that can bypass the client detection method, we proposed an additional server-side detection to eliminate emulators and Sybil devices, adopting peer-to-peer interaction with Bluetooth Low Energy to corroborate the physical presence of the registered devices. With this enhancement, we achieve higher detection performance. Adversaries cannot easily bypass the client-side detection with rooted or emulated devices. Moreover, even if some adversaries can bypass the client-side detection, the server-side detection can prevent adversaries from registering Sybil devices more than the number of devices they own.