SenseCrypt: A Security Framework for Mobile Crowd Sensing Applications

The proliferation of mobile devices such as smartphones and tablets with embedded sensors and communication features has led to the introduction of a novel sensing paradigm called mobile crowd sensing. Despite its opportunities and advantages over traditional wireless sensor networks, mobile crowd sensing still faces security and privacy issues, among other challenges. Specifically, the security and privacy of sensitive location information of users remain lingering issues, considering the “on” and “off” state of global positioning system sensor in smartphones. To address this problem, this paper proposes “SenseCrypt”, a framework that automatically annotates and signcrypts sensitive location information of mobile crowd sensing users. The framework relies on K-means algorithm and a certificateless aggregate signcryption scheme (CLASC). It incorporates spatial coding as the data compression technique and message query telemetry transport as the messaging protocol. Results presented in this paper show that the proposed framework incurs low computational cost and communication overhead. Also, the framework is robust against privileged insider attack, replay and forgery attacks. Confidentiality, integrity and non-repudiation are security services offered by the proposed framework.


Introduction
The Internet of Things (IoT) is a dynamic and global network infrastructure for linking together the physical and virtual world, using standard and interoperable communication protocols [1]. The IoT uses well-known technologies such as wireless sensor networks (WSNs) and radio frequency identification (RFID). A recent IoT trend is mobile crowd sensing, where carriers (known as a "crowd") of sensing and computing devices such as smartphones, tablets and wearable devices acquire and share essential data for various applications [2]. Mobile Crowd Sensing (MCS) has revolutionized the IoT to become a vital sensing mechanism. The advancement in mobile technology has been key to the advantages of MCS over traditional sensing technologies (such as WSNs). Firstly, the availability of affordable smartphones with integrated sensors has enabled the development of several landmark applications. Furthermore, the programmability of smartphones supports novel sensing applications such as the sharing of user's real-time activity with friends on social networks. Secondly, apart from sensing, mobile devices like smartphones have computing and communication features which allow programmers to deploy third-party applications. Thirdly, the availability of application stores by phone vendors allow sensing application developers to ship out novel applications at large-scale. Such large-scale sensing was not possible with previous sensing technologies like wireless sensing networks (WSNs). Fourthly, developers can offload mobile services to backend servers, thereby ensuring additional computing resources that aid advanced features in sensing applications [3]. An example of such sensing applications is feedback and persuasion apps. Sensing applications can be broadly 1. To propose an annotation model that labels sensor data into non-sensitive (does not contain location readings) or sensitive (contains location readings) clusters.

2.
To secure sensitive location data in MCS using an efficient CLASC scheme that incurs low computational cost and communication overheads. 3.
To evaluate the performance of the proposed framework against known attacks in mobile crowd sensing.
The rest of this paper is structured as follows: Section 2 presents a review of related works on some security and privacy techniques and frameworks in MCS. In Section 3, we present our proposed SenseCrypt framework that incorporates data annotation and sensitive data signcryption. Furthermore, the dataset used to develop the models in the framework are also discussed in this section. The results from the evaluation of the framework are shown and discussed in Section 4. The section also presents the performance and security analysis of the proposed framework. Section 5 concludes the paper and highlights our future work.

Literature Review
Anonymity-based approaches and cryptographic methods are commonly used to ensure security and privacy in mobile crowd sensing [29]. Existing security and privacy solutions that employ these techniques are presented in this section.

Anonymity-Based Techniques in MCS
Anonymity-based methods presented in this subsection include K-anonymity, cloaking, pseudonymity, and differential privacy.

K-Anonymity
K-anonymity in MCS is an anonymisation technique that removes unique details in the information of K participants by adding similar information from other participants [30]. Consequently, K-anonymity is ensured in the generated information if the data for each participant cannot be identified from at least K-1 other participants [31]. This privacy approach is implemented in Privacy-Preserving Reputation System (PPRS), which was proposed by Huang [32]. The system comprises of participants, a trusted third party and an application server as entities. The system employs K-anonymity on participant's location and time data by normalising them with similar data of other participants. The trusted third party in the framework ensures the security and privacy of participants' data and guarantees data trustworthiness. However, K-anonymity is still vulnerable to homogeneity attacks. These attacks exploit the monotony of certain features to identify users from the set of k participant [4].

Cloaking
Cloaking is a technique that replaces actual data with their corresponding anonymised versions to avoid unique identification of the real data [32]. A common cloaking technique is spatial cloaking. In spatial cloaking approaches, sensitive information is blurred in a cloaked zone, thereby maintaining users' privacy. Spatial cloaking employs generalisation, transformations, or fake locations to hide the actual location of participants. A spatial cloaking technique is used by Ghinita [33]. The authors segment spaces into a set of regions, then employ a specific probability distribution to select participants in each region to broadcast their precise location. Also, Kazemi and Shahabi [34] employ a peer-to-peer spatial cloaking technique to cloak users' location when querying MCS servers. Nonetheless, major issues with this technique are that a single point of failure is possible. Secondly, to enforce cloaking, users must continuously forward their locations to the anonymiser, which introduces bottlenecks and delays.

Pseudonymization
Pseudonyms are used to preserve the anonymity of MCS participants by substituting their identities with aliases. In [35], the authors proposed a scheme that uses multiple pseudonyms for individual users and reputation values are sent between various pseudonyms owned by the same user.
Sensors 2020, 20, 3280 4 of 23 A trusted server is integrated into the scheme to coordinate the transfer of reputation scores between several pseudonyms. Ma [36] proposed a pseudonym-based anonymous identity authentication mechanism for MCS. It uses pseudonym construction rules to encrypt the real names of MCS users. The security mechanism is a hybridisation of public key infrastructure (PKI) and combined public key (CPK) technology to address the large-scale key management issue. The identity authentication mechanism proposed by the authors consists of an application server, a certificate authority database, and a key management centre (KMC). The key management centre employs elliptic curve cryptography (ECC), which sets an m × h order to the secretive seed key (SSK) of integer vector r ij . It then computes a public key vector r ij G = x ij , y ij to obtain a public seed key (PSK) matrix. G in the scheme is the base point of the elliptic curve, while x and y are the public key parameters. The security scheme then publishes PSK, while keeping SSK private. However, pseudonyms must be complemented by other security mechanisms to effectively secure location information of participants, which makes it a non-trivial approach [4].

Differential Privacy
A general issue with cloaking techniques is its ineffectiveness when an attacker has prior knowledge of the user's location distribution [37]. Differential privacy [38] is employed in the location privacy-preserving framework proposed by Wang [39] as a solution to the abovementioned problem. The framework integrates location obfuscation and data adjustment to achieve secure privacy. Real-life traffic monitoring and temperature datasets were used to evaluate the proposed scheme. Results show that the proposed scheme evenly distributes obfuscation and improves the inference accuracy of the obfuscated data. Furthermore, Wang [40] employed differential privacy into task allocation to ensure the security of location privacy irrespective of adversaries' prior knowledge of the data. With the scheme, participants can obfuscate their reported locations without the aid of any third-party. A summary of some proposed security schemes that adopt the anonymity approach is presented in Table 1. Table 1. A summary of anonymity-based schemes in MCS.

Authors/[Reference]
Techniques Remarks [31,32] K-anonymity Vulnerable to homogeneity attacks, which exploits the monotony of some features to identify users from the set of K participants. [33,34] Cloaking An attacker may know users' location a priori, hence revealing his location. [35,36] Pseudonymization Users' identities can still be linked from inferred information. [38,39] Differential Privacy Noise added to sensor data reduces data quality.
Anonymity-based techniques are trivial and implementable in MCS. Nevertheless, users' information can still be linked to their identities, resulting in the de-anonymisation of users [32]. In works proposed by Liu [26] and Zhang [41], the authors showed that malicious entities can infer important information of participants even when participants anonymously sense and process data. With this, even anonymised participants are still vulnerable to location-based inference attacks and tracing attacks [42].

Cryptographic-Based Techniques in MCS
Cryptography is another approach that can be used to achieve security and privacy in MCS by encrypting sensed data at the sender's side, then transmitting the encrypted data to the application server [30]. Cryptographic techniques ensure that sensitive information of participants remains Sensors 2020, 20, 3280 5 of 23 undisclosed to unauthorised parties. It is a technique that maintains data confidentiality, integrity, authentication and non-repudiation. Cryptographic primitives guarantee security without adding noise to sensor data, thus maintaining its original quality [42]. Some of these primitives are presented below.

Homomorphic Encryption
Several studies have proposed homomorphic encryption as an effective technique in securing sensitive data in MCS. A cloud-enabled privacy-preserving truth discovery (PPTD) framework was proposed by Miao [42]. The PPTD framework ensures effective privacy and high accuracy. The framework employs homomorphic encryption to transmit encrypted sensor readings to the cloud server. After that, users' encrypted weights are updated by the cloud server without decrypting them, then sends the results to each user. However, the proposed scheme is non-trivial as it incurs significant computation and communication overhead due to the use of fully homomorphic encryption. To improve on their earlier proposed PPTD framework, [43] proposed a novel lightweight privacy-preserving truth discovery framework. The framework employs additive homomorphic encryption to secure sensor data of participants in MCS. Encryption is not directly applied on data, somewhat random numbers are used instead, and the encrypted data is moved to the cloud. A data requester and participating workers are the two components in the proposed framework. A secure system in mobile crowd sensing that utilises both additive homomorphic encryption with garbled circuits was presented by Zheng [44]. Garbled circuits are used to construct the encryption protocol by enabling S 0 holding E pk1 (a) and E pk1 (b) to get E pk1 (a/b), without disclosing a, b (where a and b are fractional integers). In this case, pk 1 is the public key of S 1 . The goal is for S 1 to generate a garbled circuit for the secure division, while S 0 evaluates the garbled circuit and finally gets the division result in the encrypted form using E pk1 (a) and E pk1 (b) as inputs. S 0 and S 1 are the sensors in the proposed scheme. Homomorphic encryption schemes offer confidentiality, integrity and privacy as security services, but authentication and non-repudiation are not provided. Also, the technique is computational expensive to implement on MCS devices.

Certificateless Aggregate Signcryption
Certificateless public key cryptography (CLPKC) is an intermediate between the traditional public key cryptography (PKC) and ID-based cryptography (ID-PKC) [45]. On the one hand, a certificate authority is required in traditional PKC to generate and manage keys of users, which introduces the certificate management problem. On the other hand, in ID-PKC, the generation of private keys of users based on their identities is done by a trusted key generator. This approach, however, leads to the key escrow problem. CLPKC offers a solution to the mentioned problems. Though CLPKC requires a key generation centre (KGC) for the generation of partial private keys of users, the final private keys are chosen by the users and cannot be accessed by the KGC. The final private keys of users are obtained from the combination of the partial keys generated by the KGC and the secret information selected by the users [27]. Also, the KGC computes the public key of the users using its public parameters with other information, which are secretly kept and published by the user.
Aggregate signcryption was first conceptualised by Selvi [48], and the authors defined an adequate security model for identity-based aggregate signcryption schemes. They also proposed examples that seem secure in the random oracle model. A security model for certificateless aggregate signcryption schemes (CLASC) was proposed by Eslami and Pakniat [27]. The scheme was proven to be secure in the random oracle model under the gap Bilinear Diffie-Hellman and Computational Diffie-Hellman Intractability assumptions. Basudan [28] proposed another CLASC scheme which enhanced the pairings required by aggregate signature verifications and unsigncryption. The authors used the scheme to develop a privacy-preserving protocol for the improvement of security in data transmission of vehicular crowd sensing. The secure data is used in road surface condition monitoring. The authors showed that their proposed scheme ensures confidentiality, integrity, mutual authentication, privacy and anonymity. However, their scheme still requires implementation enhancement for optimal performance when adopted in generic frameworks. Some proposed cryptographic-based schemes and techniques in MCS and the IoT are summarized in Table 2. Table 2. A Summary of Cryptographic-based Security Schemes in MCS.
This paper addresses the problems above by presenting a security framework that signcrypts sensitive location information of MCS users using an efficient CLASC scheme. Hence, ensuring data confidentiality, integrity, authentication and non-repudiation.

Methods
In this section, first, we present the architecture of the proposed framework and discuss the interaction between the different modules. We then divulge the implementation process of the framework.

Architecture of the Proposed Framework
The proposed framework is an enhancement of the typical MCS architecture proposed by Christin [4]. Figure 1 illustrates our system architecture. At the core, our framework consists of two entities: the data annotation and data signcryption modules, which are implemented as a client-server model. The SenseCrypt framework interacts seamlessly with existing MCS stakeholders: sensing administrators, the participants and the end-users: 1.
Sensing administrators: they are members of an organization (profit/nonprofit), research groups, individuals who initiate sensing tasks. They design, implement, deploy, manage and maintain MCS applications (using MCS application servers). They set up the application server to acquire, store, and process raw sensor data from participants.

2.
Participants: download and install sensing applications on their smartphones and participate in sensing tasks. They collect people-centric or environment-centric data during sensing activities. At a personal scale, these participants may capture data to improve their health conditions or track their sport experiences. Meanwhile, at a community scale, they may upload data to help other users by reporting road and/or traffic conditions. Most times, this information contains sensitive data of participants. Such information requires adequate security against attacks and unauthorized access. 3. End-users: access the data collected by participants based on their needs and preferences. Sensing administrators, participants and other users are all regarded as end-users. End-users visualize processed data by querying MCS application servers which are run by the sensing administrators. The data annotation module consists of smartphones with integrated accelerometer, gyroscope, magnetometer and GPS sensors as presented in Figure 1. During sensing activities, unlabelled data from these sensors are automatically labelled either as non-sensitive or sensitive data by the framework. This process is achieved using the K-means algorithm. All sensor data labelled as sensitive (raw sensor data containing location readings) are compressed then signcrypted using the spatial coding scheme and certificateless aggregate signcryption scheme, respectively. The signcrypted sensitive data is forwarded to the aggregators for aggregation. On the other hand, the MQTT broker handles all published "topics" in the framework and manages communication between publishers and subscribers. Meanwhile, the MCS server is a multi-threaded server system. New threads are used for incoming connections from MCS participants (referred to as mobile clients in later sections of this paper). Figure 2 presents the implementation processes of the framework. The process starts with data collection (publicly available dataset) and ends with data decompression. Data signcryption starts after sensitive data have been labelled and validated. It is worthy of note that the data of interest in the framework is contained in the sensitive data cluster denoted as ASD (annotated sensitive data). The ASD is then compressed into ASD * . The compressed annotated sensitive data ASD * is then signcrypted to obtain SCSD (signcrypted sensitive data) and forwarded to the aggregators. After aggregation, SCSDagr is generated and sent to subscribed topics running on the MQTT broker. The MCS application server receives and unsigncrypts SCSDagr to obtain the compressed annotated sensitive data (ASD * ). As a final step, the ASD * is decompressed to get the annotated sensitive data ASD. The data annotation module consists of smartphones with integrated accelerometer, gyroscope, magnetometer and GPS sensors as presented in Figure 1. During sensing activities, unlabelled data from these sensors are automatically labelled either as non-sensitive or sensitive data by the framework. This process is achieved using the K-means algorithm. All sensor data labelled as sensitive (raw sensor data containing location readings) are compressed then signcrypted using the spatial coding scheme and certificateless aggregate signcryption scheme, respectively. The signcrypted sensitive data is forwarded to the aggregators for aggregation. On the other hand, the MQTT broker handles all published "topics" in the framework and manages communication between publishers and subscribers. Meanwhile, the MCS server is a multi-threaded server system. New threads are used for incoming connections from MCS participants (referred to as mobile clients in later sections of this paper). Figure 2 presents the implementation processes of the framework. The process starts with data collection (publicly available dataset) and ends with data decompression. Data signcryption starts after sensitive data have been labelled and validated. It is worthy of note that the data of interest in the framework is contained in the sensitive data cluster denoted as ASD (annotated sensitive data). The ASD is then compressed into ASD*. The compressed annotated sensitive data ASD* is then signcrypted to obtain SCSD (signcrypted sensitive data) and forwarded to the aggregators. After aggregation, SCSD agr is generated and sent to subscribed topics running on the MQTT broker. The MCS application server receives and unsigncrypts SCSD agr to obtain the compressed annotated sensitive data (ASD*). As a final step, the ASD* is decompressed to get the annotated sensitive data ASD.

Sensor Data Annotation
Processes in the sensor data annotation module include data collection (dataset), pre-processing and data clustering.

Dataset
The dataset presented by Freedman [52] was used for the evaluation of the proposed framework. The real-world dataset is a collection of unlabelled motion and location readings of twenty participants acquired over six months. There are 3112 instances and 36 attributes in the dataset. After feature selection and extraction, 11 relevant attributes were obtained including accelerometer (Ax, Ay, Az), gyroscope (Gx, Gy, Gz), magnetometer (Mx, My, Mz) and GPS (latitude, longitude). Table 3 presents the extracted features and their description. The availability/unavailability of GPS data in terms of outdoor and indoor movements of users captured in the dataset makes it appropriate for the framework. Since the first task of the framework is to model the fluctuations of GPS sensor and automatically label any sensor reading containing location data as sensitive, otherwise non-sensitive, dataset presented by Freedman [52] meets this purpose.

Sensor Data Annotation
Processes in the sensor data annotation module include data collection (dataset), pre-processing and data clustering.

Dataset
The dataset presented by Freedman [52] was used for the evaluation of the proposed framework. The real-world dataset is a collection of unlabelled motion and location readings of twenty participants acquired over six months. There are 3112 instances and 36 attributes in the dataset. After feature selection and extraction, 11 relevant attributes were obtained including accelerometer (Ax, Ay, Az), gyroscope (Gx, Gy, Gz), magnetometer (Mx, My, Mz) and GPS (latitude, longitude). Table 3 presents the extracted features and their description. The availability/unavailability of GPS data in terms of outdoor and indoor movements of users captured in the dataset makes it appropriate for the framework. Since the first task of the framework is to model the fluctuations of GPS sensor and automatically label any sensor reading containing location data as sensitive, otherwise non-sensitive, dataset presented by Freedman [52] meets this purpose.
Furthermore, data normalization was performed as a pre-processing process since the data range of some features in the dataset is enormous, and such dimensions determine the variance of the distance. The Min-Max normalisation method was used to ensure that all the data values come under the range of (0,1). Mx Magnetometer X-axis (T) 8. My Magnetometer Y-axis (T) 9.
Long Location (Longitude)

K-Means Clustering
The K-means algorithm is an unsupervised learning algorithm commonly used in tackling clustering problems in sensor networks due to its simple implementation and linear-complexity [53]. It separates data into different groups (referred to as clusters). With K-means clustering, cluster centres (C) are stochastically initialized to K from points in a given data to ensure uniqueness of all centroids (i.e., ∀ centroids C i and C j , C i C j ). For the K-means to function, three parameters must be provided by the user, which are: number of clusters K, cluster initialisation and the distance metric [54]. The K-means algorithm can be formally represented as follows: Let D = {d 1 , . . . , d n } be the data (sensor data), µ q = d C q d n q be the centroid of the cluster C q and let K be the cluster number (1 ≤ q ≤ K). Then the objective function of the K-means clustering algorithm is the sum of squared error (SSE) as follows: where µ q is the mean of the cluster C q containing data points {d 1 , . . . , d n } and d is a high dimension set of observations. The aim here is to minimize the objective function for a fixed number of clusters. The K-means algorithm used to run the pre-processed dataset, distinctly grouped sensor data into groups. The clustering model from the K-means algorithm, which was implemented in Python runs on the smartphone. The model was used to annotate sensor data within the dataset into non-sensitive and sensitive clusters. This process is performed on the client-side (smartphone) before the compression and encryption of location data (data in the sensitive cluster).

Sensitive Data Signcryption
The data signcryption module of the proposed SenseCrypt framework employs the certificateless aggregate signcryption scheme. This subsection presents the CLASC scheme and its implementation in the system model.

Preliminaries of the Certificateless Aggregate Signcryption (CLASC)
This subsection first provides an overview of the bilinear pairing definition, which is adopted in the CLASC scheme for the proposed SenseCrypt framework.
Bilinear Maps: Let G 1 be an additive group of large prime order q, and G 2 be a multiplicative group of similar large prime order. Then let G 1 be generated by P. With this, an admissible bilinear pairing e : G 1 × G 1 → G 2 is a map that has the following properties:
Computability: An algorithm that computes e(P, Q) for P, Q ∈ G 1 is efficient. e : which is an admissible bilinear pairing can be run using the modified Weil/Tate pairing over elliptic curves [55]. 3.
Nondegeneracy: e :(P, Q) 1G 2 where the identity element of a group G 1 is represented with 1 G 2 .
Definition of bilinear Parameter Generator: A bilinear parameter generator Gen is a probabilistic algorithm that accepts input k as a security parameter and generates as outputs a 5-tuple (G 1 , G 2 , e, P, q), where G 1 .G 2 are two groups with order q, e is a non-degenerated and trivial bilinear map, P ∈ G 1 is a generator and q is a k-bit prime number.
The components of CLASC are defined based on initial theories proposed by Lu and Xie [56] and Eslami and Pakniat [27]. These components are: a Key Generator Centre (KGC), an aggregating set of ID i of n users with identity of {ID i } n i=1 ; recipient(s) represented with the identity ID R with an aggregate signcryption generator. Therefore, the following seven probabilistic polynomial time algorithms [28] defines the CLASC scheme of the SenseCrypt framework:

1.
Setup: An algorithm that accepts k input as a security parameter, outputs SysParams as system parameters and a master key s, an associated master public key Y pub . The KCG then implements the algorithm and publishes SysParams and securely stores the key.

2.
Partial-Private-Key-Extract: Given the system parameters SysParams, s and identity ID i of an identity i. A partial private key F part is generated by the algorithm and forwarded by the KGC to the legitimate user i.

3.
User-Key-Generate: Each user implements this algorithm and accepts inputs SysParams and ID i (user's identity). The output from this algorithm is a randomly selected secret value g i with an associated public key X i . The public key is generated and published by the user.

4.
Signcrypt: Each user ID i which is a member of the aggregated set of n users {ID i } n i=1 runs this algorithm. ∆ is accepted as the state information together with SysParams. All the users must employ similar but distinct state information in the signcryption algorithm. A message m i , user's identity ID i must be used by all users with the associated public key X i and a private key pair g i , F part , ID R (receiver's identity) and with the associated public key X R . With this, the ciphertext C i is generated.

5.
Aggregate: The aggregate signcryption generator runs this algorithm and accepts the following inputs: an aggregating set of ID i of n users' {ID i } n i=1 , ∆ (state information), each sender's identity ID i with the associated public key X i and C i (cipher generated from the message m i ). Next, the state information ∆, with the associated public key X R and the receiver's identity ID R are applied to the message to generate a cipher. The output is an aggregated ciphertext C on messages {m i } n i=1 .

6.
Aggregate-verify: The receiver ID R runs this algorithm by accepting as input an aggregating set of n users {ID i } n i=1 , the sender's user identity ID i state information ∆, an aggregated ciphertext C and the associated public key X i . The algorithm only returns true if the aggregate signcryption is legitimate, else it returns false. 7.
Aggregate-Unsigncrypt: This algorithm is run by ID R (the receiver) and accepts as input an aggregated ciphertext C, the receiver's entire private key g R , F part(R) , receiver's identity ID q , the senders' identities {ID i } n i=1 , public key X R with their corresponding public keys {X i } n i=1 and the state information ∆. The algorithm then returns a set of n plaintexts {m i } n i=1 .

The CLASC Scheme
This subsection presents the CLASC scheme of the SenseCrypt framework. Table 4 shows the mathematical notations used in the CLASC scheme.

System Model
We present an efficient implementation approach for the CLASC scheme proposed by Basudan [28]. The scheme is designed to ensure the signing and encryption of annotated sensitive data (ASD) in one logical step. The components of the model are shown in Figure 3. The key generator centre (KGC) is a trusted third party entity that only generates a partial private key for mobile clients (MC), aggregators (AG) and the MCS application server (AS) but does not have access to their final private keys, hence, cannot access sensor data transmitted between them. Implementing this eliminates the key escrow problem and ensures that sensitive location information of MCS users remains private.
On the other hand, (MC) are users that employ smartphones to collect sensor data which contain their sensitive location information. Data compression is performed on annotated sensitive data (ASD) before signing and encryption. After signing and encryption of the ASD, the signed ciphertext is forwarded to the aggregator (AG) using their respective partial private keys. The (AG) aggregates signed ciphertexts then forwards the aggregated ciphertexts to the MQTT broker as subscribed "topics". The MCS application server (AS) receives the aggregated ciphertexts from the MQTT broker via its published topics.
Sensors 2020, 20, x FOR PEER REVIEW 12 of 24 keys, hence, cannot access sensor data transmitted between them. Implementing this eliminates the key escrow problem and ensures that sensitive location information of MCS users remains private. On the other hand, ( ) are users that employ smartphones to collect sensor data which contain their sensitive location information. Data compression is performed on annotated sensitive data (ASD) before signing and encryption. After signing and encryption of the ASD, the signed ciphertext is forwarded to the aggregator (AG) using their respective partial private keys. The (AG) aggregates signed ciphertexts then forwards the aggregated ciphertexts to the MQTT broker as subscribed "topics". The MCS application server ( ) receives the aggregated ciphertexts from the MQTT broker via its published topics.
The ( ) then verifies, unsigncrypts the aggregated ciphertexts using his associated private key. The CLASC scheme implemented in the SenseCrypt framework comprises of the following steps: i) system setup; ii) data compression; iii) annotated sensitive data signcryption; iv) signcrypted sensitive data aggregation; v) efficient data transfer; vi) receive signcrypted sensitive data.

System Setup
First, the key generator centre (KGC) registers both the mobile client (MC), the aggregator (AG) and the MCS application server (AS). Then generates partial private keys ; ( ) and public keys key ; for , and , respectively. Next, the KGC generates the bilinear parameters ( , , , , ), given the security parameter , and performs this by executing Gen(k). Then, the KGC chooses at random ∈ * as its master secret key and computes the master public key . The entire setup process for and is shown as follows: The (AS) then verifies, unsigncrypts the aggregated ciphertexts using his associated private key. The CLASC scheme implemented in the SenseCrypt framework comprises of the following steps: (i) system setup; (ii) data compression; (iii) annotated sensitive data signcryption; (iv) signcrypted sensitive data aggregation; (v) efficient data transfer; (vi) receive signcrypted sensitive data.

System Setup
First, the key generator centre (KGC) registers both the mobile client (MC), the aggregator (AG) and the MCS application server (AS). Then generates partial private keys F part ;F part(R) and public keys key X i ; X R for MC i , AG j and AS R , respectively. Next, the KGC generates the bilinear parameters (G 1 , G 2 , e, P, q), given the security parameter k, and performs this by executing Gen(k). Then, the KGC chooses at random s ∈ Z * q as its master secret key and computes the master public key Y pub = sY. Furthermore, four secure hash functions are selected by the CU: where is the bit-length of plaintexts, H 3 : {0, 1} * → G 1 and H 4 : Z * q → G 1 [28]. At this point, the system parameters SysParams, G 1 , G 2 , e, P, q, Y pub , H 1 , H 2 , H 3 , H 4 are available to the registered users MC i , AG j and AS R . The entire setup process for MC i AG j and AS R is shown as follows:

1.
A mobile client MC i can arbitrarily select g i ∈ Z * q as its secret value, then computes its partial public key MC i(a) = g i P.

2.
To preserve privacy, MC i can pseudonymize its identity by randomly selecting Q i .

3.
MC i forwards its identity and partial public key MC i , MC i(a) to the KGC for registration.

4.
The KGC arbitrarily chooses g i ∈ Z * q and computes a different partial public key for MC: MC i(b) = g i P.

5.
KGC calculates the partial private key F parti = g i + s * Q i , where Q i = H 1 (MC i ), this registers MC i with the partial public key MC i(a) .

6.
F parti is transmitted securely to MC i . In the public key database, the entire public key (MC i(a) , MC i(b) ) is stored by the KGC.
Sensors 2020, 20, 3280 13 of 23 7. MC i gets the partial private key F parti and adds it with its secret value g i to generate its entire private key g i , F parti .

8.
MC i checks the correctness of the partial private key g i P = MC i(b) + Y pub H 1 (MC i ).

Data Compression
Annotated sensitive data (ASD) to be signcrypted are first compressed by the sender using the spatial coding scheme [57]. Compressing the ASD minimizes the number of messages to be signcrypted. After annotation of sensitive location data, the mobile client (MC) compresses the ASD in such a way that loss of data precision is minimized. Therefore, computation overhead which is mostly experienced with signcryption of sensor data from sensing devices, is reduced. Using spatial compression, a ratio γ, 0 ≤ γ < 1 is defined as the sensor data reduction in size, which is relative to the initial uncompressed sensitive data from each mobile client. Spatial coding [57] is an efficient and effective compression technique on continuous reading, such as those acquired by smartphones. It also defines accurately the alphabets of sensor readings, which minimizes data loss during compression. These features of spatial coding justify why it has been adopted for the compression of ASD in the framework. Mathematically, spatial coding can be represented as follows: Each mobile client (MC) compresses ASD based on their spatial correlation. The spatial compression involves two steps: the client compression (executed on the smartphone by the participant), and the decompression (at the MCS application server).

Annotated Sensitive Data (ASD) Signcryption
This process is carried out by the mobile client MC i with the pseudonym Q i . The framework identifies annotated sensitive data, compressed using spatial coding as (ASD*). The certificateless signcryption algorithm is then applied on the ASD* to obtain the signcrypted sensitive data (SCSD i ) using the following steps:

1.
MC i randomly chooses r ∈ Z * q and generates T i = rP, 2.

3.
Computes Z a = r PW ra + Y pub Q i ,

4.
Computes h a = H 2 (ID R ||Pk ra ||PW rb ||Γ||T i ||Z b ||Z a ), 5. Computes Computes h c = H 4 (Γ), 7. Computes The ciphertext C i = (T i , W i , β i ) is appended to sensor data in the form of a signcrypted sensitive Data, which is:

Signcrypted Sensitive Data (SCSD) Aggregation
On successful signcryption of annotated sensitive data, the MC i forwards the ciphertext SCSD i to the aggregators (also called aggregate servers). The aggregate servers are distributed systems with high computational capabilities. These servers aggregate all the ciphertexts from multiple mobile clients. The property provided by the proposed framework allows for numerous aggregations of {SCSD i } n i , which further reduces the computational cost [28].

A. SCSD Aggregation
Aggregate SCSD is employed to aggregate several {SCSD i } n i into a single SCSD, that is, {SCSD i } n i=1 . For sensitive data SensitiveData i , given {SCSD i } n i , SCSD i = (Q i , Signcrypt(Data i )) by mobile clients MC 1 , . . . , MC n , it is possible to get SCSD agr (Q i , . . . Q n , Signcrypt(SensitiveData i ) i 1 . . . Signcrypt Data) n i . An aggregate signcryption generator returns the algorithm below: 1.
The algorithm collects single ciphertext to a receiver ID R with similar state information ∆.

2.
Aggregates several signatures by computing sign agr n i=1 β i .

B. SCSD Batch Verification
In this step, all the ciphertexts from {MC i } n i users are verified concurrently using the batch verification algorithm. Based on the signature aggregation sig agr , the sensor datasets {SCSD i } n i=1 and the associated public keys (MC i(b) , MC i(a) ) n j=1 for all the MC i and the receiver's identity ID R and its corresponding public key (Xk ra , XW rb ) using similar state information ∆. The batch verification algorithm verifies the signature through the following process: The signature aggregation Sig agr is accepted if: If the batch verification process is true, then the aggregator accepts the SCSDs. In this case, the SCSD agr will be sent to the unsigncryption step. The SCSD agr is forwarded to the MQTT broker as subscribed topics that are published by the (AS R ). The efficient transfer process of the SCSD agr is discussed next.
Since the MCS server does not offer acknowledgement, and participants do no retransmission of sensor data, communication overhead is reduced to its minimum. It so happens because data is only sent once when using level 0 QoS, which is adopted in the proposed framework. MQTT uses a password and a username to secure the connection between devices, which makes it less robust to attacks. More so, all MQTT communication is transmitted in plaintext. As stated in SHODAN [58], a lot of IoT devices that use MQTT transfer data to each other without employing an encryption protocol. Hence, data are unprotected during transfer. On the other hand, to employ an encryption protocol with MQTT, the encryption protocol requires independent implementation under MQTT [59]. As such, the proposed framework transmits only signcrypted data from participants to the MCS servers, hence, ensuring the security of sensitive data.

Efficient Data Transfer Using MQTT Protocol
In the SenseCrypt framework, the transfer of the aggregated sensitive data SCSD agr from aggregators to the MCS application server (AS R ) is implemented using the MQTT protocol. MQTT, which is based on the publish/subscribe model, incurs less communication overhead and ensures scalability [60]. These properties of the MQTT protocol are leveraged in the SenseCrypt framework. The framework runs a topic-based system, where messages (sensing tasks) are published to topics by the MCS application server. Mobile clients and aggregators subscribe to these topics, as shown in Figure 4. However, in the framework only aggregated signcrypted sensitive data SCSD agr are forwarded to the MQTT broker by the aggregators. The mobile clients subscribe to sensing tasks but forward ciphertexts {SCSD i } n i to the aggregator for aggregation and verification. The MQTT broker handles the addition and removal of aggregators and mobile clients (subscribers) from the system and well as performing filtering of forwarded messages (SCSD agr ).
In the SenseCrypt framework, the transfer of the aggregated sensitive data ( ) from aggregators to the MCS application server ( ) is implemented using the MQTT protocol. MQTT, which is based on the publish/subscribe model, incurs less communication overhead and ensures scalability [60]. These properties of the MQTT protocol are leveraged in the SenseCrypt framework. The framework runs a topic-based system, where messages (sensing tasks) are published to topics by the MCS application server. Mobile clients and aggregators subscribe to these topics, as shown in Figure 4. However, in the framework only aggregated signcrypted sensitive data are forwarded to the MQTT broker by the aggregators. The mobile clients subscribe to sensing tasks but forward ciphertexts { } to the aggregator for aggregation and verification. The MQTT broker handles the addition and removal of aggregators and mobile clients (subscribers) from the system and well as performing filtering of forwarded messages ( ). Figure 4. Efficient data transfer using the message queuing telemetry transport protocol.
Since the MCS server does not offer acknowledgement, and aggregators do not retransmit , communication overhead is reduced to its minimum. It so happens because data is only sent once when using level 0 QoS (Quality of Service), which is used in the proposed framework. MQTT uses a password and a username to secure the connection between devices, which makes it less robust to attacks. More so, all MQTT communication is transmitted in plaintext. As stated in SHODAN. [58], a lot of IoT devices that use MQTT transfer data to each other without employing an encryption protocol. Hence, data are unprotected during transfer. On the other hand, to employ an encryption protocol with MQTT, the encryption protocol requires independent implementation under MQTT [59]. As such, in the proposed framework, aggregators forward signcrypted data from mobile clients to the broker, hence, ensuring the security of sensitive location data of users.

Receive Signcrypted Sensitive Data (SCSD)
When the MCS application server receives a message , from aggregators via the MQTT broker, it first runs the aggregate-verify algorithm. If the algorithm outputs true, then it implements the next step, which is the aggregate-unsigncrypt. If false, then the , is discarded. This process ensures that MCS application servers process only valid signcrypted sensor data from mobile clients that have been aggregated by the aggregators. The (Signcrypted Sensitive Data) is decrypted using the following steps: Since the MCS server does not offer acknowledgement, and aggregators do not retransmit SCSD agr , communication overhead is reduced to its minimum. It so happens because data is only sent once when using level 0 QoS (Quality of Service), which is used in the proposed framework. MQTT uses a password and a username to secure the connection between devices, which makes it less robust to attacks. More so, all MQTT communication is transmitted in plaintext. As stated in SHODAN [58], a lot of IoT devices that use MQTT transfer data to each other without employing an encryption protocol. Hence, data are unprotected during transfer. On the other hand, to employ an encryption protocol with MQTT, the encryption protocol requires independent implementation under MQTT [59]. As such, in the proposed framework, aggregators forward signcrypted data SCSD agr from mobile clients to the broker, hence, ensuring the security of sensitive location data of users.

Receive Signcrypted Sensitive Data (SCSD)
When the MCS application server receives a message SCSD agr , from aggregators via the MQTT broker, it first runs the aggregate-verify algorithm. If the algorithm outputs true, then it implements the next step, which is the aggregate-unsigncrypt. If false, then the SCSD agr , is discarded. This process ensures that MCS application servers process only valid signcrypted sensor data from mobile clients that have been aggregated by the aggregators. The SCSD i (Signcrypted Sensitive Data) is decrypted using the following steps: 3.
On completion of the decryption process, decompression is initiated. The decompression is carried out by the MCS server. Notably, the MCS server decompresses compressed sensitive data after the unsigncrypt process. Recall that a mobile client (MC i ) compressed annotated data into an array D which was a k × k matrix M = a i,j k × k, such that, each element a i,j stores the value i, j, as discussed earlier in the compression phase. Now to decompress data, the MCS server recovers the associated array D to a two-dimensional matrix which containsM = b i,j k × k Next, the inverse 2D-DCT technique is employed to transformM to a new matrixM = a i,j k × k. The approach employed in the proposed SenseCrypt framework minimizes remarkably the number of transmitted data from mobile clients to the MCS application server. Realizing computational reduction is because sensitive sensor data with high data correlations have been compressed. After data decompression, the actual ASD can be obtained from the ASD*.

Results and Discussion
This section presents the results from the automatic annotation and signcryption of sensitive location information of MCS users by the proposed SenseCrypt framework.

Performance Evaluation of the Clustering Model
For accurate clustering analysis, measuring the distance of objects in the dataset is an important task. There are several types of proximity measures that best fit different types of data. Nevertheless, Euclidean distance and Manhattan distance are mostly used for high dimensional data. In this paper, the K-means algorithm was implemented using the Euclidean distance metric. It is a significant metric for identifying the similarity and dissimilarity of generated clusters. It does this by calculating the root of squares between a pair of objects in a dataset. We performed the clustering analysis on 2 to 10 clusters and calculated the average silhouette coefficient against the clustering members. As presented in Table 5, the average silhouette is largest at a value of 0.81, that is when K = 2, hence the choice of K in the proposed framework. Furthermore, all the clusters are above the average, indicating that data from motion and location sensors in smartphones can be grouped into non-sensitive and sensitive groups. However, the average silhouette decreases slightly as the cluster value increases. Figure 5 shows the clustered data objects from the dataset. As can be seen from the silhouette plot, the non-sensitive data cluster (black colour) contains more data objects than the sensitive data cluster (green colour) based on the thickness of the plots. The clustering results justify the fact that some MCS sensing activities can be performed using only motion sensors since most users prefer to turn off their GPS sensor to preserve battery and/or their privacy. Thus affecting the availability of real-time location data.
The computational complexity of the K-means algorithm used in the framework for each iteration is O(i * n), where n is the number of features in the dataset and i is the value signifying the amount of information from the preceding iterations, which is constant. The number of iterations is 50 and the scale is from 2 to 10. Meanwhile, i was set to 8 and n (number of features) is higher than i (information), which means that the complexity is O(n).  The computational complexity of the K-means algorithm used in the framework for each iteration is ( * ), where is the number of features in the dataset and is the value signifying the amount of information from the preceding iterations, which is constant. The number of iterations is 50 and the scale is from 2 to 10. Meanwhile, was set to 8 and (number of features) is higher than (information), which means that the complexity is ( ).

Performance Evaluation of the CLASC Scheme
In this subsection, we evaluate the performance of the CLASC scheme employed in the proposed SenseCrypt framework. We compare our CLASC scheme with schemes proposed by Eslami and Pakniat [27] and Basudan, Lin [28] using computation cost and communication overhead as evaluation metrics. The following parameters are used to measure the scheme's efficiency: The CLASC scheme in the proposed framework allows each to signcrypt sensitive data at any given time. However, mobile clients cannot aggregate signcrypted data, unlike the aggregator that can aggregate multiple signcrypted sensitive data. The effective compression technique adopted in the framework further reduces the size of the sensitive data to be signcrypted. The signcryption algorithm required four multiplication operations in for the successful signing and encryption in the framework. A single pairing operation was required for the unsigncrypt process by the MCS application server ( ) . Table 6 compares pairing time, scalar multiplication time and exponentiation time of the signcryption and unsigncryption processes of our scheme with schemes proposed by Eslami and Pakniat [27] and Basudan, Lin [28]. The comparison can also be visualized in Figure 6. Aggregate verification of the signature and unsigncrypt processes required two scalar multiplication operations. On the other hand, the receiver of the aggregated ciphertext verifies the aggregated signatures in a single step and can verify multiple signatures published in different topics. The number of aggregate signatures can scale based on the scalability property on the MQTT protocol.

Performance Evaluation of the CLASC Scheme
In this subsection, we evaluate the performance of the CLASC scheme employed in the proposed SenseCrypt framework. We compare our CLASC scheme with schemes proposed by Eslami and Pakniat [27] and Basudan, Lin [28] using computation cost and communication overhead as evaluation metrics. The following parameters are used to measure the scheme's efficiency: The CLASC scheme in the proposed framework allows each MC i to signcrypt sensitive data at any given time. However, mobile clients cannot aggregate signcrypted data, unlike the aggregator that can aggregate multiple signcrypted sensitive data. The effective compression technique adopted in the framework further reduces the size of the sensitive data to be signcrypted. The signcryption algorithm required four multiplication operations in G 1 for the successful signing and encryption in the framework. A single pairing operation was required for the unsigncrypt process by the MCS application server (AS R ). Table 6 compares pairing time, scalar multiplication time and exponentiation time of the signcryption and unsigncryption processes of our scheme with schemes proposed by Eslami and Pakniat [27] and Basudan, Lin [28]. The comparison can also be visualized in Figure 6. Aggregate verification of the signature and unsigncrypt processes required two scalar multiplication operations. On the other hand, the receiver of the aggregated ciphertext SCSD agr verifies the aggregated signatures in a single step and can verify multiple signatures published in different topics. The number of aggregate signatures can scale based on the scalability property on the MQTT protocol.  The communication overhead of the proposed scheme is derived from the length of the aggregated ciphertext which is the compressed annotated sensitive data * . The MQTT broker in the framework forwards the aggregated ciphertext to the MCS server. Since two parts of each ciphertext is required for decryption by the MCS server ( ); the communication overhead of the CLASC scheme is a non-constant value. To this end, there exist + 1 elements in for the security of the aggregated data . Table 7 compares the computational cost and the communication overhead of the schemes discussed above.

Reference
Computational Cost Computational Overhead [27] 5 + 6 ( + 1)| | + | | [28] 4 + 8 ( + 1)| | + | | Proposed SenseCrypt 3 + 6 ( + 1)| | + | | Similar to the evaluation method used by Basudan [28], we employed an MNT curve [61] and the Weil/Tate pairing : × → curve, where = 160-bit and the degree of curve is 6. To obtain the running time of the cryptographic operations, the scheme was implemented on an Intel Core i7 (TM), 2.90 GHz dual-core machine (simulating operations of the ASR). Results from the cryptographic operations are presented in Table 8. The running time of our proposed scheme is compared with that of Basudan [28] in Figure 7. The communication overhead of the proposed scheme is derived from the length of the aggregated ciphertext SCSD agr which is the compressed annotated sensitive data ASD * . The MQTT broker in the framework forwards the aggregated ciphertext to the MCS server. Since two parts of each ciphertext C i is required for decryption by the MCS server (AS R ); the communication overhead of the CLASC scheme is a non-constant value. To this end, there exist n + 1 elements in G 1 for the security of the aggregated data SCSD agr . Table 7 compares the computational cost and the communication overhead of the schemes discussed above. Table 7. Analysis of computational and communication overhead.

Reference
Computational Cost Computational Overhead [27] 5T p + 6T m (n + 1)|G 1 | + n|m| [28] 4T p + 8T m (n + 1)|G 1 | + n|m| Proposed SenseCrypt 3T p + 6T m (n + 1)|G 1 | + n|m| Similar to the evaluation method used by Basudan [28], we employed an MNT curve [61] and the Weil/Tate pairing e : G 1 × G 1 → G 2 curve, where q = 160-bit and the degree of curve is 6. To obtain the running time of the cryptographic operations, the scheme was implemented on an Intel Core i7 (TM), 2.90 GHz dual-core machine (simulating operations of the AS R ). Results from the cryptographic operations are presented in Table 8. The running time of our proposed scheme is compared with that of Basudan [28] in Figure 7.

Security Analysis
In this subsection, we analyze the security of the proposed SenseCrypt framework against some known attacks in mobile crowd sensing.

Operations
Running Time Descriptions 2.02 ms The time for one pairing operation 0.1 ms The time for a scalar point multiplication operation

Security Analysis
In this subsection, we analyze the security of the proposed SenseCrypt framework against some known attacks in mobile crowd sensing.

Resilience to Privileged Insider Attack
In the proposed framework, the MCS client forwards his/her signcrypted sensitive data to the aggregator. The is the ciphertext = ( , ), pseudonymized as = ( , ( )). The pseudonym preserves the identity of from disclosure to the aggregator, MQTT broker and the MCS application server ( ). The of derived from a one-way hash function ( ) protects the identity of from insider attack since the aggregator or ( ) does not know the secret value chosen by .

Resilience to Replay Attack
Timestamps are used to avoid replay attacks in the SenseCrypt framework. Specifically, a timestamp mechanism is employed to ensure the freshness of each published message in the framework. An adversary , cannot replay the sent to the MCS application server , since an ephemeral session key is used for the transfer of . Additionally, the authentication message between the , aggregator and are protected. Hence, replay attacks cannot succeed in the proposed framework.

Resilience to Forgery Attacks
The first scenario deals with forgery attacks on mobile client . In this case, an adversary may eavesdrop or intercept the message transmitted from in the framework.

Resilience to Privileged Insider Attack
In the proposed framework, the MCS client MC i forwards his/her signcrypted sensitive data SCSD i to the aggregator. The SCSD i is the ciphertext C i = (T i , W i β i ), pseudonymized as SCSD i = (Q i , Signcrypt(SensitiveData)). The pseudonym Q i preserves the identity of MC i from disclosure to the aggregator, MQTT broker and the MCS application server (AS R ). The Q i of MC i derived from a one-way hash function H 2 (MC i ) protects the identity of MC i from insider attack since the aggregator or (AS R ) does not know the secret value g i chosen by MC i .

Resilience to Replay Attack
Timestamps are used to avoid replay attacks in the SenseCrypt framework. Specifically, a timestamp mechanism is employed to ensure the freshness of each published message in the framework. An adversary A, cannot replay the sent SCSD agr to the MCS application server AS R , since an ephemeral session key is used for the transfer of SCSD agr . Additionally, the authentication message between the MC i , aggregator and AS R are protected. Hence, replay attacks cannot succeed in the proposed framework.

Resilience to Forgery Attacks
The first scenario deals with forgery attacks on mobile client MC i . In this case, an adversary A may eavesdrop or intercept the message transmitted from MC i in the framework. Then if A sends a forged message to the KGC (Key Generator Centre), the KGC extracts the value of [k] with the secret rPW rb then computes the hash [h a ]. The KGC then verifies the legitimacy of the user by checking whether h a = r PW ra + Y pub Q i . However, without the knowledge of the correct secret, A cannot compute the valid value [r]. Hence, the framework is secure against MC i forgery attack.
The second scenario is the KGC forgery attack. The message sent from the KGC to the mobile client MC i and MCS application server AS R is protected by the hash mechanism (SHA-256), using the computed key [F part = g i + s * Q i ]. The adversary A cannot forge the message [m i ] without knowing [F part ]. Additionally, without knowing the partial private key, an adversary A cannot forge a valid value [ F part = g i ], which is verifiable by either the mobile client MC i or MCS application server AS R . Hence the proposed framework is secure against KGC forgery attack.

User Anonymity and Unlinkability
Users' identity and location are two major privacy issues of concern for MCS participants. The participant's real identity is vital in obtaining his/her behaviour. Hence, the participant's identity and related information must be protected from unauthorized parties. In the proposed framework, the identity of the mobile client MC i is never published over the network, the pseudonym Q i is used instead. This technique makes it impossible for an adversary to reveal the identity of participants from intercepted messages. Since [Q i ] is unlinkable, outsiders or even other participants lack the knowledge of who is communicating with the aggregator or MCS application server at any given time. Hence, the proposed framework prevents identity disclosure and preserves participants' privacy. Correspondingly, signcrypting the location data of participants SCSD i , ensures that only the MCS server AS R with the corresponding private key can unsigncrypt and obtain the plaintext information (sensitive location data) of participants.

Confidentiality and Integrity of Sensitive Location Data
Signcryption of sensitive location data by the mobile client MC i generates a ciphertext C i = (T i , W i , β i ). In this case, T i , W i satisfy the encryption properties of the CLASC scheme and β i performs signing, all in one step. AS R is the only entity that can unsigncrypt SCSD i (signcrypted sensitive data) through the computation of T i , W i , β i . With this in place, confidentiality is achieved even if an active man-in-the-middle attacker eavesdrops on transmitted sensor data. SCSD i remains undisclosed and cannot be modified, hence ensuring the integrity of sensitive data.

Conclusions
In this paper, we propose a framework that annotates sensor data and signcrypts sensitive location data of mobile crowd sensing participants. The annotation module of the framework employs the K-means algorithm for the labelling of data from multiple smartphone sensors (accelerometer, gyroscope, magnetometer and GPS) into non-sensitive and sensitive clusters. The data signcryption module leverages the signing and encryption properties of the certificateless aggregation signcryption scheme (CLASC) to secure sensitive location data of MCS participants. The paper also puts forward a novel implementation technique that uses efficient data compression technique and MQTT protocol to minimize the computational cost and communication overhead associated with CLASC schemes. Results show that the CLASC scheme implemented in the proposed framework is efficient and robust against attacks such as privilege insider attack, forgery and replay attacks while ensuring confidentiality, integrity and privacy. Presently, the framework only handles location data as sensitive data of interest. As future work, the framework can be extended to incorporate more sensors and annotate other sensitive data in mobile crowd sensing.