1 / 24

On Location Privacy in Vehicular Mix-Networks

On Location Privacy in Vehicular Mix-Networks. Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk Félegyházi. Outline. Problem Statement System Model Vehicular Networks Adversary Mix-zone Cryptographic Mix-zones The CMIX protocols

meadow
Download Presentation

On Location Privacy in Vehicular Mix-Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Location Privacy in Vehicular Mix-Networks Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk Félegyházi

  2. Outline • Problem Statement • System Model • Vehicular Networks • Adversary • Mix-zone • Cryptographic Mix-zones • The CMIX protocols • Vehicular Mix-Networks • Dynamic Mix-Networks • Results

  3. 1. Problem Statement What location privacy?

  4. Our Approach • Create Mix-zones • Use Pseudonyms

  5. 2. Vehicular Networks • Safety messages • position (p), speed (s) and acceleration (a) • Time stamp • Assume Public Key Infrastructure (PKI) • Certification Authority (CA) distributes pseudonyms • Pi,k with k=1,…,F for vehicle i • To each Pik correspondspublic/private key pair (Ki,k,Ki,k-1) • Pik = H(Ki,k)

  6. Adversary Model Adversary types: • Weak Adversary (WA) • Global Passive External with incomplete information • Strong Adversary (SA) • Global Passive External with complete information • RSU Adversary • Global Passive partially Internal with complete information

  7. Mix-Zones definition • Goal: Obscure relation of incoming and outgoing traffic => Unlinkability • Strong adversary observes location and time of entering/exiting events: • Entering event: k = (n,) i.e., on road n at time  • Exiting event: l = (e,’) i.e., on road e at time ’ • Strong adversary has statistical information about mix-zones • Location: pn,e = Prob(“Vehicle enters on road n and exits on road e”) • Timing: qn,e(t) = Prob(“Time spent between n and e is t”) Prk ! l = Prob(“ Mapping of entering event k to exiting event l ”)

  8. Mix-Zones Effectiveness • Measure effectiveness with entropy: • Maximize entropy • High density (N) • High unpredictability (p,q) where N= # of vehicles Mix-zones at road intersections =>

  9. 3. Cryptographic Mix-Zone • Silent Mix-zones: • Turn off transceivers • Unconditional security • Cryptographic Mix-zones (CMIX): • Encrypt Safety Messages • Symmetric Cryptography • Computational security • Not user centric Not in the scope of Vehicular Networks

  10. Centralized CMIX Protocol (pi,si,ai) = Safety message of vehicle i Ts = Time stamp Sign = Digital Signature Certi,k = k-th Certificate of vehicle i SK = Symmetric Key

  11. Distributed CMIX Protocol (pi,si,ai) = Safety message of vehicle i Ts = Time stamp Sign = Digital Signature Certi,k = k-th Certificate of vehicle i SK = Symmetric Key

  12. Centralized CMIX ProtocolRSUs Adversary (pi,si,ai) = Safety message of vehicle i Ts = Time stamp SignRing = Ring Signature DescRing = Ring description SK = Symmetric Key • Ring Signatures : • Anonymous signatures based on groups • Require public keys of all the group members • Accountable signature scheme

  13. 4. Vehicular Mix-Networks • Mix-network cumulative entropy for vehicle v: where L= Length of the path

  14. Dynamic Mix-Networks Dynamics • Set of traversed mix-zones always different • Mix-zones have different qn,e(t) • Path length L varies for each vehicle v • Lv ~ N(v, v) Upper Bounds • WA model in Vehicular Mix-zone: • H(v) · log2(N) • WA model in Vehicular Mix-network: • E[log2(N)] · log2(E[N])

  15. 5. Simulation Setup Network model • 10X10 Manhattan network with 4 roads/intersection • N ~ Poisson() •  ~ Uniform[0,T] • Uniform random walk, pn,e ~ U(1/4) • qn,e ~ N(n,e, n,e) Metrics • Entropy • Cumulative Entropy • Intersection Mapping Success Ratio (SR) • Vehicle Mapping Success Ratio (SR)

  16. Mix-Zone Entropy

  17. Mix-Zone SR

  18. Mix-Networks Entropy

  19. Mix-Networks SR

  20. Results - Discussion • Achievable anonymity depends on  • Traffic conditions determine location privacy • Resistance to privacy degradation • Dynamic mix-networks offer good resistance • Dynamic mix-networks are strong when • global uniformity • local diversity

  21. Future Work • Results on VANET simulator • More realistic delay characteristics qn,e(t) and traffic patterns • Extending towards user-centric location privacy • Cooperation for privacy • Cost of privacy • Ring signatures • Anonymous signatures scheme for mobile networks with non-repudiation

  22. Conclusion • Location privacy in vehicular networks • Cryptographic mix-zones (CMIX) • Dynamic mix-networks • Bounds on anonymity • High location privacy for various types of adversaries

  23. Related Work • A. R. Beresford. Mix-zones: User privacy in location-aware services. PerSec 2004 • L. Huang, K. Matsuura, H. Yamane, and K. Sezaki. Silent cascade: Enhancing location privacy without communication QoS degradation. SPC 2005 • M. Li, K. Sampigethaya, L. Huang, and R. Poovendran. Swing & Swap: User-centric Approaches Towards Maximizing Location Privacy. WPES 2006 • R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. ASIACRYPT 2001

  24. CMIX Discussion • Extended mix-zone • Overlapping mix-zones • Same SK over several mix-zones • Attacks • As secure as symmetric crypto • Key establishement

More Related