Many regions are in urgent need of facial masks for slowing down the spread of COVID-19. To fight the pandemic, people are contributing masks through donation systems. Most existing systems are built on a centralized architecture which is prone to the single point of failure and lack of transparency. Blockchain-based solutions neglect fundamental privacy concerns (donation privacy) and security attacks (collusion attack, stealing attack). Moreover, current auditing solutions are not designed to achieve donation privacy, thus not appropriate in our context. In this work, we design a decentralized, anonymous, and secure auditing framework Astraea based on private smart contracts for donation systems. Specifically, we integrate a Distribute Smart Contract (DiSC) with an SGX Enclave to distribute donations, prove the integrity of donation number (intention) and donation sum while preserving donation privacy. With DiSC, we design a Donation Smart Contract to refund deposits and defend against the stealing attack the collusion attack from malicious collector and transponder. We formally define and prove the privacy and security of Astraea by using security reduction. We build a prototype of Astraea to conduct extensive performance analysis. Experimental results demonstrate that Astraea is practically efficient in terms of both computation and communication.
Traffic monitoring services collect traffic reports and respond to users' traffic queries. However, the reports and queries may reveal the user's identity and location. Although different anonymization techniques have been applied to protect user privacy, a new security threat arises, namely, n-by-1 jamming attack, in which an anonymous contributing driver impersonates n drivers and uploads n normal reports by using n reporting devices. Such an attack will mislead the traffic monitoring service provider and further degrade the service quality. Existing traffic monitoring services do not support customized queries, and private information retrieval techniques cannot be applied directly in traffic monitoring. We formally define the new attack and propose a traffic monitoring scheme TraJ to defend the attack and achieve user-defined location privacy. Specifically, we bridge anonymous contributing drivers without disclosing their speed set by using private set intersection. Each RSU collects time traffic reports and structures a weighted proximity graph to filter out malicious colluding drivers. We design a userdefined privacy-preserving query method by encoding complex road network. We leverage the uploading phase from private aggregation to collect traffic conditions and allow requesting drivers to dynamically and privately query traffic conditions. We provide a formal analysis of TraJ to prove its privacy and security properties. We also construct a prototype based on a real-world dataset and Android smartphones to demonstrate its feasibility and efficiency. A formal analysis demonstrates the Manuscript
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.