On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solve this problem is that the vehicles use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach. We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.

[1]  Frank Stajano,et al.  Mix zones: user privacy in location-aware services , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[2]  Srdjan Capkun,et al.  The security and privacy of smart vehicles , 2004, IEEE Security & Privacy Magazine.

[3]  Johannes Gehrke,et al.  Query Processing in Sensor Networks , 2003, CIDR.

[4]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[5]  Tim Leinmüller,et al.  Impact of Pseudonym Changes on Geographic Routing in VANETs , 2006, ESAS.

[6]  Maxim Raya,et al.  Securing vehicular ad hoc networks , 2007, J. Comput. Secur..

[7]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[8]  Kaoru Sezaki,et al.  Enhancing wireless location privacy using silent period , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[9]  Hannes Federrath Designing Privacy Enhancing Technologies , 2001, Lecture Notes in Computer Science.

[10]  Florian Dötzer,et al.  Privacy Issues in Vehicular Ad Hoc Networks , 2005, Privacy Enhancing Technologies.

[11]  Helen J. Wang,et al.  A Framework for Location Privacy in Wireless Networks , 2005 .

[12]  Maxim Raya,et al.  The security of vehicular ad hoc networks , 2005, SASN '05.

[13]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[14]  Markus Jakobsson,et al.  Balancing auditability and privacy in vehicular networks , 2005, Q2SWinet '05.

[15]  M. Gerlach Full Paper : Assessing and Improving Privacy in VANETs , 2006 .

[16]  R. Poovendran,et al.  CARAVAN: Providing Location Privacy for VANET , 2005 .

[17]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[18]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[19]  Pierangela Samarati,et al.  Location privacy in pervasive computing , 2008 .

[20]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[21]  Kun-Chan Lan,et al.  Rapid Generation of Realistic Mobility Models for VANET , 2007, 2007 IEEE Wireless Communications and Networking Conference.

[22]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[23]  Gene Tsudik,et al.  Security and Privacy in Ad-hoc and Sensor Networks, Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005, Revised Selected Papers , 2005, ESAS.