
Page 1: Mix-Zones for Location Privacy in Vehicular Networks

Julien Freudiger

Maxim Raya, Márk Félegyházi, Panos Papadimitratos, and Jean-Pierre Hubaux

August 14, 2007

WiN-ITS, Vancouver, BC, Canada

Page 2: Motivation

[Figure: two RSUs and four vehicles V1–V4; each vehicle Vi broadcasts {(pi, si, ai), timestamp, sign, cert_{i,k}} every 100 ms]

Safety messages
• Position (p)
• Speed (s)
• Acceleration (a)

Authenticated
• Digital Signature
• Certificate

Page 3: No location privacy

Page 4: Outline

1. System and Threat Model

2. Mix-Zones

3. Vehicular Mix-Networks

4. Simulation Results

Page 5: Vehicular Networks

• Safety Messages
  – (p, s, a)
  – Timestamp
  – Authenticated

• Certification Authority (CA)
  – CA distributes public/private key pairs (K_{i,j}, K_{i,j}^{-1}) with j = 1, …, F to each vehicle i
  – F is the size of the set of key pairs
  – Public key certificates are referred to as pseudonyms
  => Vehicles are preloaded with a large set of pseudonyms and key pairs

• Vehicles have tamper-proof devices that guarantee the
  – Correct execution of cryptographic operations
  – Non-disclosure of private keying material

[Figure: V1 sends {(p1, s1, a1), Ts, Sign, Cert_{1,k}} under pseudonym P_{1,k} to an RSU, which is connected over a wired network to the CA servers]

Page 6: Adversary

We assume an external, global, and passive adversary
• Installs its own radio receivers
• Collects GPS coordinates and pseudonyms of safety messages
• Links pseudonym changes using GPS coordinates

– WiFi operator (e.g., Google, EarthLink)
– WiFi community network (e.g., FON)

[http://www.earthlink.net/wifi/cities/]

Page 7: Mix-Zone Definition (1)

A mix-zone is a restricted region where users cannot be located

• Entering event k: from road n at the entry time. Exiting event l: from road e at the exit time.

• Adversary has statistical information about mix-zones
  – p_{n,e} = Prob("Vehicle enters from road n and exits from road e")
  – q_{n,e}(t) = Prob("Time spent between road n and e is t")

• Statistical information depends on
  – The geometry of the mix-zone
  – The location of the mix-zone in the network topology

[Figure: an RSU-covered mix-zone at an intersection; V1 and V2 enter at t_enter, Vx and Vy exit at t_exit, and the adversary must decide which exiting vehicle corresponds to v1 (vx or vy?)]

Page 8: Mix-Zone Definition (2)

• Mix-zones obscure the relation of incoming and outgoing vehicles
  – Unlinkability

• An adversary estimates the mapping of entering and exiting events
  – With two vehicles

• The probability of a mapping depends on the geometry of the mix-zone

$\Pr_{k,l} = \Pr(\text{``Mapping of entering event } k \text{ to exiting event } l\text{''}) = p_{n,e}\, q_{n,e}(t)$

Page 9: Mix-Zone Effectiveness

Entropy measures uncertainty of mapping
– N models the mix-zone density
– (p_{n,e}, q_{n,e}(t)) models the unpredictability of vehicles' whereabouts

$H(v) = -\sum_{k=1}^{N} \Pr_{k,l} \log_2 \Pr_{k,l}$

where N = number of mobiles in the mix-zone

Page 10: Where to create Mix-Zones?

Best mix-zone:

$\max_{(p_{n,e},\, q_{n,e}(t)),\, N} H(v)$

• High N
• High vehicle whereabouts unpredictability (p_{n,e}, q_{n,e}(t))

=> Road intersections

Page 11: High Uncertainty

Page 12: How to create a mix-zone?

• Cryptographic Mix-zone (CMIX)
  – Encrypt Safety Messages (with a symmetric key SK)
  – Computational security

[Figure: an RSU holding the symmetric key SK at the centre of the mix-zone, with radii R_CMIX and R_Beacon; vehicle V1 approaching]

Page 13: CMIX Protocol (1) Key Establishment

SK = Symmetric key, Ts = Time stamp, Sign_i = Signature of i, Cert_{i,k} = Certificate of i

Vehicle V_i and the RSU exchange:
  V_i → RSU: Request, Ts, Sign_i(Request, Ts), Cert_{i,k}
  RSU → V_i: E_{K_{i,j}}(v_i, SK, Ts, Sign_RSU(v_i, SK, Ts)), Cert_RSU
  V_i → RSU: Ack, Ts, Sign_i(Ack, Ts), Cert_{i,k}

Rely on presence of RSU at road intersection to establish a symmetric key

Page 14: CMIX Protocol (2) Key Forwarding

[Figure: the RSU's mix-zone (radius R_CMIX) inside the extended mix-zone (radius R_Beacon); V1 is inside the mix-zone and V2 in the extended zone; (1) V2's key request, (2) V1's reply]

• V2 is unable to obtain the key directly from the RSU, and thus cannot decrypt messages from V1
• The RSU leverages vehicles already in the mix-zone to forward the symmetric key
• V2 broadcasts key requests until any vehicle in the mix-zone replies
• Vehicles do not encrypt their messages before entering the mix-zone

(2) V1 → V2: E_{K_{2,j}}(v2, v1, SK, Ts, Sign_RSU(v1, SK, Ts))
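The key establishment and key forwarding exchanges of the two slides above, written out as an added Go example; this is not the authors' code. It fixes the constructions the slides leave open, and these are assumptions: Sign_i is Ed25519, E_{K_{i,j}} is RSA-OAEP under a separate RSA-2048 encryption key (so a vehicle's single pseudonym key pair K_{i,j} is modelled as two keys), a certificate is reduced to the bare public keys with the CA's signature taken as already verified, a Ts is accepted within a 5-second window, the identity of the forwarding vehicle in step (2) is taken as authenticated by its own signed reply, and the Ack message is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const maxSkew = 5 // freshness window on a Ts, in seconds (our assumption)

// Cert is what a party shows to others (Cert_{i,k} or Cert_RSU): an ID and its public keys,
// the CA's signature on them assumed already verified. The slides give a vehicle one pseudonym
// key pair K_{i,j}; here it is split into an Ed25519 signing key and an RSA-2048 key that
// receives E_{K_{i,j}}(.) as RSA-OAEP (both constructions are our choice).
type Cert struct {
	ID  string
	Sig ed25519.PublicKey
	Enc *rsa.PublicKey
}

type Party struct { // the RSU or a vehicle, with its private keys
	Cert
	sigKey ed25519.PrivateKey
	encKey *rsa.PrivateKey
}

// Grant is the RSU's key-delivery payload (v_i, SK, Ts, Sign_RSU(v_i, SK, Ts)); on the wire it is
// len(v_i) || v_i || SK (32 bytes) || Ts || SigRSU, and the RSU signs everything but SigRSU.
type Grant struct {
	Vehicle string
	SK      []byte
	Ts      int64
	SigRSU  []byte
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func NewParty(id string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	e, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return &Party{Cert{id, pub, &e.PublicKey}, priv, e}
}

func (p *Party) Sign(msg []byte) []byte { return ed25519.Sign(p.sigKey, msg) } // Sign_i(msg)
func fresh(ts, now int64) bool          { return now-ts <= maxSkew && ts-now <= maxSkew }

// ReqBody is what a vehicle signs in (Request, Ts, Sign_i(Request, Ts), Cert_{i,k}).
func ReqBody(ts int64) []byte { return binary.BigEndian.AppendUint64([]byte("Request|"), uint64(ts)) }

func grantBody(v string, sk []byte, ts int64) []byte {
	return binary.BigEndian.AppendUint64(append(append([]byte{byte(len(v))}, v...), sk...), uint64(ts))
}

func encryptTo(pub *rsa.PublicKey, pt []byte) []byte { // E_{K_{i,j}}(pt)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pt, nil)
	must(err)
	return ct
}

// RSUGrant is the RSU side of step (1): verify Sign_v(Request, Ts) under the certified pseudonym
// key and the request's freshness, then reply E_{K_v}(v, SK, Ts, Sign_RSU(v, SK, Ts)).
func RSUGrant(rsu *Party, v Cert, reqTs int64, reqSig, sk []byte, now int64) ([]byte, error) {
	if !ed25519.Verify(v.Sig, ReqBody(reqTs), reqSig) || !fresh(reqTs, now) {
		return nil, errors.New("request rejected")
	}
	body := grantBody(v.ID, sk, now)
	return encryptTo(v.Enc, append(body, rsu.Sign(body)...)), nil
}

// Accept is what a vehicle does with any encrypted grant, from the RSU (step 1) or forwarded by a
// vehicle already inside the zone (step 2): decrypt, verify the RSU's signature, check that the
// grant names the expected party (itself, or the forwarder) and that Ts is fresh; only then
// install SK. A wrong expectV, a tampered byte or an old Ts all fail here.
func Accept(me *Party, rsu Cert, wire []byte, expectV string, now int64) (Grant, error) {
	b, err := rsa.DecryptOAEP(sha256.New(), nil, me.encKey, wire, nil)
	if err != nil || len(b) < 1 || len(b) < 1+int(b[0])+40 {
		return Grant{}, errors.New("undecryptable or truncated grant")
	}
	n := 1 + int(b[0])
	g := Grant{string(b[1:n]), b[n : n+32], int64(binary.BigEndian.Uint64(b[n+32 : n+40])), b[n+40:]}
	if g.Vehicle != expectV || !ed25519.Verify(rsu.Sig, grantBody(g.Vehicle, g.SK, g.Ts), g.SigRSU) {
		return Grant{}, errors.New("grant not signed by the RSU for the expected vehicle")
	}
	if !fresh(g.Ts, now) {
		return Grant{}, errors.New("stale grant")
	}
	return g, nil
}

// Forward is step (2): v1 re-encrypts the grant it accepted to v2's key; v2 then calls Accept
// with expectV = v1's ID, so a vehicle cannot inject a key the RSU never signed for it.
func Forward(g Grant, v2 Cert) []byte {
	return encryptTo(v2.Enc, append(grantBody(g.Vehicle, g.SK, g.Ts), g.SigRSU...))
}

func main() { // constructed run: V1 gets SK from the RSU, V2 gets it forwarded by V1
	rsu, v1, v2 := NewParty("RSU"), NewParty("V1"), NewParty("V2")
	sk := make([]byte, 32) // the zone's SK, drawn by the RSU
	_, err := rand.Read(sk)
	must(err)
	wire, err := RSUGrant(rsu, v1.Cert, 1000, v1.Sign(ReqBody(1000)), sk, 1001)
	must(err)
	g1, err := Accept(v1, rsu.Cert, wire, "V1", 1002)
	must(err)
	g2, err := Accept(v2, rsu.Cert, Forward(g1, v2.Cert), "V1", 1003)
	must(err)
	fmt.Println("V1 and V2 share SK:", string(g1.SK) == string(g2.SK))
}
```

The checks that matter are concentrated in Accept: the RSU's signature binds SK to the vehicle it was issued to, so a forwarded grant is installed only when it names the forwarder, a substituted SK no longer verifies, and a grant replayed outside the Ts window is refused even though it is genuine.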

Page 15: CMIX Protocol (3) Key Update

• RSU initiates key update to
  – renew keys
  – revoke keys
• Update is triggered when
  – Mix-zone is empty
• CA is informed of new SK for liability issues
• Asynchronous key updates across mix-zones improve system security

Page 16: Vehicular Mix-Network

Mix-network cumulative entropy for vehicle v:

$H_{tot}(v, L) = \sum_{i=1}^{L} H_i(v)$

where L = length of the path in the mix-network

Page 17: Simulation Setup

• 10×10 Manhattan network with 4 roads/intersection
• N ~ Poisson: number of vehicles per intersection at network initialization
• Vehicle inter-arrival time ~ Uniform[0, T] models
  – High traffic congestion
  – Low traffic congestion
• Intersection characteristics
  – q_{n,e}(t) normally distributed, with mean and deviation indexed by (n, e), for each intersection
  – p_{n,e} randomly chosen for each intersection
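A worked example in Go, added here and not the authors' simulator, that implements the mapping probability Pr_{k,l} = p_{n,e} q_{n,e}(t) and the entropy H(v) from the mix-zone definition and effectiveness slides, and then applies the simulation setup above to a path through the grid: per-intersection random p_{n,e}, normal q_{n,e}(t), N drawn from a Poisson distribution, and the cumulative mix-network entropy H_tot(v, L). The parameter ranges (crossing-time means of 5–15 s with deviations of 1–3 s, entry times within a 10 s window, 4 roads per intersection) and the definition of the tracking probability (the adversary follows its single most likely mapping at every zone) are our assumptions.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

type Event struct { // an entering or exiting event: road used and boundary-crossing time (s)
	Road int
	Time float64
}

// MixZone is the adversary's statistical knowledge of one intersection: P[n][e] is p_{n,e}, and
// Mean/Std[n][e] parameterise q_{n,e}(t), taken (as on the simulation-setup slide) to be a
// normal density over the time t spent between roads n and e.
type MixZone struct{ P, Mean, Std [][]float64 }

func (z MixZone) Q(n, e int, t float64) float64 { // q_{n,e}(t)
	x := (t - z.Mean[n][e]) / z.Std[n][e]
	return math.Exp(-0.5*x*x) / (z.Std[n][e] * math.Sqrt(2*math.Pi))
}

// MappingProbabilities returns Pr_{k,l} for every entering event k against the exiting event l:
// p_{n,e} * q_{n,e}(t) with t the elapsed time, normalised over the N candidates so the
// adversary's beliefs sum to 1. A vehicle that entered after l exited gets probability 0.
func (z MixZone) MappingProbabilities(entering []Event, exiting Event) []float64 {
	pr, total := make([]float64, len(entering)), 0.0
	for k, in := range entering {
		if t := exiting.Time - in.Time; t > 0 {
			pr[k] = z.P[in.Road][exiting.Road] * z.Q(in.Road, exiting.Road, t)
			total += pr[k]
		}
	}
	for k := range pr {
		if total > 0 {
			pr[k] /= total
		}
	}
	return pr
}

// Entropy is H(v) = -sum_k Pr_{k,l} log2 Pr_{k,l}, in bits.
func Entropy(pr []float64) (h float64) {
	for _, p := range pr {
		if p > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// MaxGuess is the probability that the adversary's single most likely mapping is right.
func MaxGuess(pr []float64) (m float64) {
	for _, p := range pr {
		m = math.Max(m, p)
	}
	return m
}

// RandomZone draws one intersection as the simulation-setup slide describes: p_{n,e} random per
// road pair, q_{n,e} normal with a per-pair mean and deviation (the ranges are our choice).
func RandomZone(rng *rand.Rand, roads int) MixZone {
	var z MixZone
	for n := 0; n < roads; n++ {
		p, m, s, sum := make([]float64, roads), make([]float64, roads), make([]float64, roads), 0.0
		for e := range p {
			p[e], m[e], s[e] = rng.Float64(), 5+10*rng.Float64(), 1+2*rng.Float64()
			sum += p[e]
		}
		for e := range p {
			p[e] /= sum
		}
		z.P, z.Mean, z.Std = append(z.P, p), append(z.Mean, m), append(z.Std, s)
	}
	return z
}

func poisson(rng *rand.Rand, lambda float64) (k int) { // Knuth's method
	for p := rng.Float64(); p > math.Exp(-lambda); p *= rng.Float64() {
		k++
	}
	return k
}

// Simulate sends vehicle v through L mix-zones with `roads` roads each and N-1 ~ Poisson(lambda)
// other vehicles per zone. It returns H_tot(v, L) = sum_i H_i(v) and the probability that an
// adversary taking its most likely mapping at every zone tracks v through all L zones.
func Simulate(seed int64, L, roads int, lambda float64) (hTot, track float64) {
	rng := rand.New(rand.NewSource(seed))
	track = 1
	for i := 0; i < L; i++ {
		z := RandomZone(rng, roads)
		entering := make([]Event, 1+poisson(rng, lambda))
		for k := range entering {
			entering[k] = Event{rng.Intn(roads), 10 * rng.Float64()}
		}
		v := entering[0] // v's exit road is drawn from p_{n,e}, its crossing time from q_{n,e}
		e, u := 0, rng.Float64()
		for ; e < roads-1 && u > z.P[v.Road][e]; e++ {
			u -= z.P[v.Road][e]
		}
		delay := math.Max(0.1, z.Mean[v.Road][e]+z.Std[v.Road][e]*rng.NormFloat64())
		pr := z.MappingProbabilities(entering, Event{e, v.Time + delay})
		hTot += Entropy(pr)
		track *= MaxGuess(pr)
	}
	return hTot, track
}

func main() { // constructed run: fixed seed, 4 roads, about 3 other vehicles per zone
	for _, L := range []int{1, 3, 6} {
		h, p := Simulate(1, L, 4, 3)
		fmt.Printf("L=%d zones: H_tot=%.2f bits, tracking probability=%.4f\n", L, h, p)
	}
}
```

With a single zone the entropy is bounded by log2 N, and an entering event whose timing is implausible under q_{n,e}(t) contributes almost nothing to it, which is why the slides tie effectiveness to both density and whereabouts unpredictability; over a path, H_tot only grows and the tracking probability only shrinks, matching the mix-network slides.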

Page 18: Vehicular Mix-Zone

• Both network density and congestion affect the achievable location privacy

• Confidence intervals are small because there is low variability within one mix-zone

Page 19: Vehicular Mix-Network

• Larger confidence interval due to varying number of vehicles and varying set of traversed mix-zones

• Tracking probability is quickly insignificant

=> Mix-zone effectiveness is high

Page 20: Conclusions

• Mix-zone effectiveness depends on
  – Intersection's congestion
  – Vehicle density
  – Vehicles' whereabouts unpredictability
• Vehicular mix-network effectiveness
  – Has large variance
  – But is overall high
• Need more simulations
  – With realistic traffic traces
• Efficiency of vehicular mix-network is independent of CMIX protocol
  – Alternative CMIX protocols could exploit location


Page 22: CMIX Protocol Analysis

• Transmission Complexity
  – Key requests scale with network condition
  – Avoid key reply flooding by backoff mechanism and key acknowledgement
• Computational Complexity
  – The number of exponentiations is manageable
  – Load is shared among vehicles in the CMIX
• Security
  – Impersonation/Instantiation attacks are unfeasible
  – Denial of service attacks are hard
  – Cost to become internal adversary is high