Mini-Project 2007 On Location Privacy in Vehicular Mix-Networks Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk Félegyházi

On Location Privacy in Vehicular Mix-Networks

Page 1: On Location Privacy in Vehicular Mix-Networks

Mini-Project 2007

On Location Privacy in Vehicular Mix-Networks

Julien Freudiger

IC-29 Self-Organised Wireless and Sensor Networks

Tutors: Maxim Raya Márk Félegyházi

Page 2: On Location Privacy in Vehicular Mix-Networks

Outline

1. Problem Statement

2. System Model
   – Vehicular Networks
   – Adversary
   – Mix-zone

3. Cryptographic Mix-zones
   – The CMIX protocols

4. Vehicular Mix-Networks
   – Dynamic Mix-Networks

5. Results

Page 3: On Location Privacy in Vehicular Mix-Networks

1. Problem Statement

What location privacy?

$\{(p_1, s_1, a_1), \text{timestamp}, \text{sign}, \text{cert}_{1,k}\}$ every 100 [ms]

$\{(p_2, s_2, a_2), \text{timestamp}, \text{sign}, \text{cert}_{2,k}\}$ every 100 [ms]

$\{(p_3, s_3, a_3), \text{timestamp}, \text{sign}, \text{cert}_{3,k}\}$ every 100 [ms]

$\{(p_4, s_4, a_4), \text{timestamp}, \text{sign}, \text{cert}_{4,k}\}$ every 100 [ms]

[Figure: vehicles V1, V2, V3, V4 and two RSUs]

Page 4: On Location Privacy in Vehicular Mix-Networks

Our Approach

$\{(p_1, s_1, a_1), \text{timestamp}, \text{sign}, \text{cert}_{1,k}\}$ sent by V1 every 100 [ms] under pseudonym $P_{1,k}$

$\{(p_2, s_2, a_2), \text{timestamp}, \text{sign}, \text{cert}_{2,k}\}$ sent by V2 every 100 [ms] under pseudonym $P_{2,k}$

$\{(p_3, s_3, a_3), \text{timestamp}, \text{sign}, \text{cert}_{3,k}\}$ sent by V3 every 100 [ms] under pseudonym $P_{3,k}$

$\{(p_4, s_4, a_4), \text{timestamp}, \text{sign}, \text{cert}_{4,k}\}$ sent by V4 every 100 [ms] under pseudonym $P_{4,k}$

[Figure: vehicles V1, V2, V3, V4 and two RSUs, with two mix-zones]

• Create Mix-zones
• Use Pseudonyms

Page 5: On Location Privacy in Vehicular Mix-Networks

2. Vehicular Networks

• Safety messages
  – position (p), speed (s) and acceleration (a)
  – Time stamp

• Assume Public Key Infrastructure (PKI)
  – Certification Authority (CA) distributes pseudonyms
    • $P_{i,k}$ with $k = 1, \dots, F$ for vehicle $i$
  – To each $P_{i,k}$ corresponds public/private key pair $(K_{i,k}, K_{i,k}^{-1})$
    • $P_{i,k} = H(K_{i,k})$

Page 6: On Location Privacy in Vehicular Mix-Networks

Adversary Model

Adversary types:

1. Weak Adversary (WA)
   • Global Passive External with incomplete information

2. Strong Adversary (SA)
   • Global Passive External with complete information

3. RSU Adversary
   – Global Passive partially Internal with complete information

Local/Global: Monitoring area

Internal/External: Member of the network or not

Active/Passive: Alter information or not

Complete/Incomplete Information: Amount of information

Page 7: On Location Privacy in Vehicular Mix-Networks

Mix-Zones definition

• Goal: Obscure relation of incoming and outgoing traffic => Unlinkability

• Strong adversary observes location and time of entering/exiting events:
  – Entering event: k = (n,) i.e., on road n at time
  – Exiting event: l = (e,’) i.e., on road e at time ’

• Strong adversary has statistical information about mix-zones
  – Location: $p_{n,e}$ = Prob(“Vehicle enters on road n and exits on road e”)
  – Timing: $q_{n,e}(t)$ = Prob(“Time spent between n and e is t”)

$\Pr_{k \to l}$ = Prob(“Mapping of entering event k to exiting event l”)

[Figure: vehicles V1, V2, V4 and an RSU at a mix-zone]

Page 8: On Location Privacy in Vehicular Mix-Networks

Mix-Zones Effectiveness

• Measure effectiveness with entropy:

$$H(v) = -\sum_{k=1}^{N} \Pr_{k \to l} \log_2(\Pr_{k \to l})$$

where N = # of vehicles

• Maximize entropy:

$$\max_{p_{n,e},\, q_{n,e}(t),\, N} (H(v))$$

  – High density (N)
  – High unpredictability (p,q)

=> Mix-zones at road intersections

Page 9: On Location Privacy in Vehicular Mix-Networks

3. Cryptographic Mix-Zone

• Silent Mix-zones:
  – Turn off transceivers
  – Unconditional security

• Cryptographic Mix-zones (CMIX):
  – Encrypt Safety Messages
  – Symmetric Cryptography
  – Computational security
  – Not user centric

Not in the scope of Vehicular Networks

Page 10: On Location Privacy in Vehicular Mix-Networks

Centralized CMIX Protocol

$(p_i, s_i, a_i)$ = Safety message of vehicle $i$

Ts = Time stamp

Sign = Digital Signature

$\text{Cert}_{i,k}$ = k-th Certificate of vehicle $i$

SK = Symmetric Key

Page 11: On Location Privacy in Vehicular Mix-Networks

Distributed CMIX Protocol

$(p_i, s_i, a_i)$ = Safety message of vehicle $i$

Ts = Time stamp

Sign = Digital Signature

$\text{Cert}_{i,k}$ = k-th Certificate of vehicle $i$

SK = Symmetric Key

Page 12: On Location Privacy in Vehicular Mix-Networks

Centralized CMIX Protocol

RSUs Adversary

$(p_i, s_i, a_i)$ = Safety message of vehicle $i$

Ts = Time stamp

SignRing = Ring Signature

DescRing = Ring description

SK = Symmetric Key

Ring Signatures:
• Anonymous signatures based on groups
• Require public keys of all the group members
• Accountable signature scheme

Page 13: On Location Privacy in Vehicular Mix-Networks

4. Vehicular Mix-Networks

• Mix-network cumulative entropy for vehicle v:

$$H_{tot}(v, L) = \sum_{i=1}^{L} H_i(v)$$

where L = Length of the path

Page 14: On Location Privacy in Vehicular Mix-Networks

Dynamic Mix-Networks

Dynamics
• Set of traversed mix-zones always different
• Mix-zones have different $q_{n,e}(t)$
• Path length L varies for each vehicle v
  – Lv ~ N(v, v)

Upper Bounds
• WA model in Vehicular Mix-zone:
  – $H(v) \leq \log_2(N)$
• WA model in Vehicular Mix-network:
  – $E[\log_2(N)] \leq \log_2(E[N])$
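The mix-zone entropy, its log2(N) upper bound and the cumulative entropy over a path, worked through in code as an added example that is not part of the original presentation. Forming the mapping probability as the normalised product of the location and timing statistics is an assumption, as are the function names, the delay parameters and the sample events, which are constructed.

```python
import math

def gaussian_pdf(t, mu, sigma):
    """Density of the delay model q_{n,e}(t) ~ N(mu, sigma)."""
    return math.exp(-0.5 * ((t - mu) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))

def mapping_probabilities(entries, exit_event, p, q):
    """Pr_{k->l} for every entering event k = (n, t_in), given one exiting
    event l = (e, t_out). Assumption (not stated on the slides): the weight
    of a mapping is p[n, e] * q_{n,e}(t_out - t_in), normalised over k."""
    e, t_out = exit_event
    weights = [p[n, e] * gaussian_pdf(t_out - t_in, *q[n, e]) for n, t_in in entries]
    total = sum(weights)
    if total == 0.0:
        raise ValueError("no entering event is compatible with this exit")
    return [w / total for w in weights]

def entropy(probs):
    """H(v) = -sum_k Pr_{k->l} log2(Pr_{k->l}); zero terms contribute nothing."""
    return -sum(pr * math.log2(pr) for pr in probs if pr > 0.0)

def cumulative_entropy(zone_entropies):
    """H_tot(v, L) = sum_{i=1..L} H_i(v) over the L traversed mix-zones."""
    return sum(zone_entropies)

# Constructed sample: one intersection, roads 0..3, uniform turning
# probabilities p_{n,e} = 1/4 and the same delay model (mean 5 s, std 1 s).
ROADS = range(4)
P = {(n, e): 0.25 for n in ROADS for e in ROADS}
Q = {(n, e): (5.0, 1.0) for n in ROADS for e in ROADS}
EXIT = (2, 10.0)                       # exits on road 2 at t = 10 s

# Three vehicles enter together: timing gives the adversary nothing.
SAME_TIME = [(0, 5.0), (1, 5.0), (3, 5.0)]
# Same roads, spread-out entry times: the delay model singles one out.
SPREAD = [(0, 5.0), (1, 1.0), (3, 8.5)]

if __name__ == "__main__":
    for name, entries in (("same time", SAME_TIME), ("spread", SPREAD)):
        probs = mapping_probabilities(entries, EXIT, P, Q)
        h = entropy(probs)
        print(f"{name}: Pr={[round(x, 3) for x in probs]} "
              f"H={h:.3f} <= log2(N)={math.log2(len(entries)):.3f}")
    zones = [entropy(mapping_probabilities(s, EXIT, P, Q)) for s in (SAME_TIME, SPREAD)]
    print(f"H_tot over {len(zones)} mix-zones = {cumulative_entropy(zones):.3f}")
```

With simultaneous entries the entropy reaches the log2(N) bound; once entry times differ, the timing statistic alone collapses it close to zero even though N is unchanged.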

Page 15: On Location Privacy in Vehicular Mix-Networks

5. Simulation Setup

Network model
• 10X10 Manhattan network with 4 roads/intersection
• N ~ Poisson(
• ~ Uniform[0,T]
• Uniform random walk, $p_{n,e}$ ~ U(1/4)
• $q_{n,e}$ ~ N(n,e, n,e)

Metrics
• Entropy
• Cumulative Entropy
• Intersection Mapping Success Ratio (SR)
• Vehicle Mapping Success Ratio (SR)

Page 16: On Location Privacy in Vehicular Mix-Networks

Mix-Zone Entropy

Page 17: On Location Privacy in Vehicular Mix-Networks

Mix-Zone SR

Page 18: On Location Privacy in Vehicular Mix-Networks

Mix-Networks Entropy

Page 19: On Location Privacy in Vehicular Mix-Networks

Mix-Networks SR

Page 20: On Location Privacy in Vehicular Mix-Networks

Results - Discussion

• Achievable anonymity depends on
  – Traffic conditions determine location privacy

• Resistance to privacy degradation
  – Dynamic mix-networks offer good resistance
  – Dynamic mix-networks are strong when
    • global uniformity
    • local diversity

Page 21: On Location Privacy in Vehicular Mix-Networks

Future Work

• Results on VANET simulator
  – More realistic delay characteristics $q_{n,e}(t)$ and traffic patterns

• Extending towards user-centric location privacy
  – Cooperation for privacy
  – Cost of privacy

• Ring signatures
  – Anonymous signatures scheme for mobile networks with non-repudiation

Page 22: On Location Privacy in Vehicular Mix-Networks

Conclusion

• Location privacy in vehicular networks
• Cryptographic mix-zones (CMIX)
• Dynamic mix-networks
• Bounds on anonymity
• High location privacy for various types of adversaries

Page 23: On Location Privacy in Vehicular Mix-Networks

Related Work

• A. R. Beresford. Mix-zones: User privacy in location-aware services. PerSec 2004

• L. Huang, K. Matsuura, H. Yamane, and K. Sezaki. Silent cascade: Enhancing location privacy without communication QoS degradation. SPC 2005

• M. Li, K. Sampigethaya, L. Huang, and R. Poovendran. Swing & Swap: User-centric Approaches Towards Maximizing Location Privacy. WPES 2006

• R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. ASIACRYPT 2001

Page 24: On Location Privacy in Vehicular Mix-Networks

CMIX Discussion

• Extended mix-zone

• Overlapping mix-zones
  – Same SK over several mix-zones

• Attacks
  – As secure as symmetric crypto
  – Key establishment