One major concern in a participatory sensing framework is privacy leakage i.e., leakage of data which may be private or confidential in nature. In the participatory sensing framework, a number of participants are involved in collecting and sharing the data to a centralized server. The data shared may be survey data or personal data. The data may be monitored and captured using sensor(s) installed/attached with a device of the participants. The data captured corresponds to different monitoring areas like forest monitoring, traffic monitoring, health monitoring, disaster monitoring, road surface monitoring, pollution check, location monitoring, and other types of monitoring areas.
Further, the data captured is uploaded to the centralized server of the participatory sensing frameworks for further analysis. Since, the data is confidential in nature, great concerns exist regarding trustworthiness and privacy leakage for the data owner. These concerns may discourage the participants to actively participate and upload the data for further analysis. One primary reason behind such a privacy concern is involvement of third party vendors capable of accessing such data uploaded on the centralized server. Thus, data security and data owner privacy remains a high concern for the participants before sharing the data with the participatory sensing framework.
Another concern is limited scope provided by participatory sensing applications, as most of the participatory applications are custom developed and they don't provide data security and privacy. As the participatory sensing applications are custom developed, the usage of such participatory sensing applications are restricted to only research purposes, and only a small group of people have access to such participatory sensing applications. These small groups of people do not have control on the data security and data privacy of the data shared over the centralized server.
Though, some of these sensing frameworks utilizes communication channel security techniques like Secure Socket Layer (SSL) and Rivest-Shamir-Adleman (RSA) techniques for securing the data, however, a need of installing public key infrastructure (PKI) and continuously providing administration services to distribute and maintain certificates for validation still remains.