Mobile participatory sensing (MPS) could benefit many application domains. A major domain is smart transportation, with applications such as vehicular traffic monitoring, vehicle routing, or driving behavior analysis. However, MPS’s success depends on finding a solution for querying large numbers of smart phones or vehicular systems, which protects user location privacy and works in real-time. This paper presents PAMPAS, a privacy-aware mobile distributed system for efficient data aggregation in MPS. In PAMPAS, mobile devices enhanced with secure hardware, called secure probes (SPs), perform distributed query processing, while preventing users from accessing other users’ data. A supporting server infrastructure (SSI) coordinates the inter-SP communication and the computation tasks executed on SPs. PAMPAS ensures that SSI cannot link the location reported by SPs to the user identities even if SSI has additional background information. Moreover, an enhanced version of the protocol, named PAMPAS⁺, makes the system robust even against advanced hardware attacks on the SPs. Hence, the risk of user location privacy leakage remains very low even for an attacker controlling the SSI and a few corrupted SPs. Our experimental results demonstrate that these protocols work efficiently on resource constrained SPs being able to collect the data, aggregate them, and share statistics or derive models in real-time.

移动参与式感知 (MPS) 可以使许多应用领域受益。一个主要领域是智能交通，其应用包括车辆交通监控、车辆路线规划或驾驶行为分析。但是，MPS 的成功取决于找到查询大量智能手机或车载系统的解决方案，该解决方案可以保护用户位置隐私并实时工作。本文介绍了 PAMPAS，这是一种隐私感知移动分布式系统，用于在 MPS 中进行有效的数据聚合。在 PAMPAS 中，使用安全硬件（称为安全探测器 (SP)）增强的移动设备执行分布式查询处理，同时防止用户访问其他用户的数据。支持服务器基础设施 (SSI) 协调 SP 间通信和在 SP 上执行的计算任务。PAMPAS 确保 SSI 无法将 SP 报告的位置链接到用户身份，即使 SSI 有额外的背景信息。此外，协议的增强版本，名为 PAMPAS⁺，即使在对 SP 进行高级硬件攻击时，系统也能保持稳健。因此，即使对于控制 SSI 和一些损坏的 SP 的攻击者来说，用户位置隐私泄露的风险仍然非常低。我们的实验结果表明，这些协议在资源受限的 SP 上有效工作，能够收集数据、汇总数据并实时共享统计数据或派生模型。