VPriv: Protecting Privacy in Location-Based Vehicular Services

A variety of location-based vehicular services are currently being woven into the national transportation infrastructure in many countries. These include usage- or congestion-based road pricing, traffic law enforcement, traffic monitoring, "pay-as-you-go" insurance, and vehicle safety systems. Although such applications promise clear benefits, standard implementations (e.g., GPS monitoring of cars as they drive, surveillance cameras, and toll transponders) pose significant potential violations of drivers' location privacy. In this paper, we develop and evaluate VPriv, a system that can be used by several such applications without violating the location privacy of drivers. The starting point is the observation that in many applications, some centralized server needs to compute a function of a user's path, a list of time-position tuples. VPriv provides two components: 1) the first practical protocol to compute path functions for various kinds of tolling, speed and delay estimation, and insurance calculations in a way that reveals nothing more than the result of the function to the server, and 2) an out-of-band enforcement mechanism using random spot checks that allows the server and application to handle misbehaving users. Our implementation and experimental evaluation of VPriv show that a modest infrastructure of a few multi-core PCs can easily serve 1 million cars. Using analysis and simulation based on real vehicular data collected over one year from the CarTel project's testbed of 27 taxis running in the Boston area, we demonstrate that VPriv is resistant to a range of possible attacks.
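The two pieces the abstract describes, a server that sees only the value of a path function rather than the path, and out-of-band random spot checks that catch a driver who under-reports, as an added toy illustration in Python. This is not VPriv's protocol or code: VPriv's cryptographic protocol for verifying the toll computation itself is not reproduced here. Assumed for the illustration: a path is a list of (time, cell) tuples with position abstracted to a named road cell, per-tuple SHA-256 hash commitments stand in for the commitment scheme, the toll table and the sample paths are constructed, and the car evaluates the toll itself, so that in this simplified model only the spot checks guard its integrity.

```python
import hashlib
import os
import random
from fractions import Fraction
from math import comb
from typing import Dict, List, Optional, Tuple

# Constructed toll table (assumed): tolled road cell -> charge. Unlisted cells are free.
TOLL_TABLE: Dict[str, int] = {"bridge": 5, "tunnel": 3, "downtown": 2}

PathTuple = Tuple[int, str]  # (time, cell)

# Constructed sample paths (assumed). The cheater drives the same route but
# leaves the bridge crossing out of what it reports.
HONEST_PATH: List[PathTuple] = [(100, "home"), (200, "bridge"), (300, "downtown"),
                                (400, "tunnel"), (500, "home")]
CHEATER_REPORTED: List[PathTuple] = [t for t in HONEST_PATH if t[1] != "bridge"]


def path_function(path: List[PathTuple]) -> int:
    """The function the server wants: total toll owed for a path."""
    return sum(TOLL_TABLE.get(cell, 0) for _, cell in path)


def commit(t: int, cell: str, r: bytes) -> str:
    """Hash commitment to one tuple. Hiding: r is 16 random bytes the server never
    sees unless the car opens it. Binding: a second (t, cell, r) with the same
    digest would be a SHA-256 collision."""
    return hashlib.sha256(f"{t}|{cell}|".encode() + r).hexdigest()


class Car:
    def __init__(self, true_path: List[PathTuple], reported_path: Optional[List[PathTuple]] = None):
        self.true_path = true_path                      # what was actually driven
        self.reported = list(reported_path if reported_path is not None else true_path)
        self.rands = [os.urandom(16) for _ in self.reported]

    def report(self) -> Tuple[int, List[str]]:
        """The server's view: the toll and an unordered set of commitments.
        It learns how many tuples there are, but neither where nor when."""
        commitments = sorted(commit(t, c, r) for (t, c), r in zip(self.reported, self.rands))
        return path_function(self.reported), commitments

    def answer_spot_check(self, t: int, cell: str) -> Optional[bytes]:
        """Open only the one commitment matching the observation; every other tuple stays hidden."""
        for (tt, cc), r in zip(self.reported, self.rands):
            if (tt, cc) == (t, cell):
                return r
        return None


class Server:
    def __init__(self) -> None:
        self.reports: Dict[str, Tuple[int, set]] = {}

    def receive(self, car_id: str, toll: int, commitments: List[str]) -> None:
        self.reports[car_id] = (toll, set(commitments))

    def spot_check(self, car_id: str, t: int, cell: str, opening: Optional[bytes]) -> bool:
        """The server saw car_id at `cell` at time `t` out of band (camera, transponder).
        The car's report must contain a commitment that opens to exactly that tuple;
        a car that omitted the tuple cannot produce one without breaking the hash."""
        if opening is None:
            return False
        _, commitments = self.reports[car_id]
        return commit(t, cell, opening) in commitments


def run_spot_checks(car: Car, server: Server, car_id: str, rng: random.Random, n_checks: int) -> bool:
    """Observations are sampled from the path really driven, not from the report."""
    observations = rng.sample(car.true_path, n_checks)
    return all(server.spot_check(car_id, t, c, car.answer_spot_check(t, c)) for t, c in observations)


def detection_probability(n_tuples: int, n_omitted: int, n_checks: int) -> float:
    """P(at least one of n_checks distinct random observations hits an omitted tuple)
    = 1 - C(n - m, k) / C(n, k). Useful for sizing the spot-check budget."""
    return float(1 - Fraction(comb(n_tuples - n_omitted, n_checks), comb(n_tuples, n_checks)))


def demo(seed: int = 1) -> Dict[str, object]:
    server = Server()
    honest, cheater = Car(HONEST_PATH), Car(HONEST_PATH, CHEATER_REPORTED)
    for car_id, car in (("honest", honest), ("cheater", cheater)):
        server.receive(car_id, *car.report())
    rng = random.Random(seed)
    return {
        "honest_toll": server.reports["honest"][0],
        "cheater_toll": server.reports["cheater"][0],
        "honest_passes_all": run_spot_checks(honest, server, "honest", rng, len(HONEST_PATH)),
        "cheater_passes_all": run_spot_checks(cheater, server, "cheater", rng, len(HONEST_PATH)),
        "bridge_check_on_cheater": server.spot_check(
            "cheater", 200, "bridge", cheater.answer_spot_check(200, "bridge")),
    }


if __name__ == "__main__":
    print(demo())
    print("P(detect 1 omitted of 5 with 2 checks) =", detection_probability(5, 1, 2))
```

The server's view in `report()` is deliberately the whole point: it receives a number and a set of opaque digests. A spot check opens exactly one tuple, so a driver loses the privacy of only the observation the server already had. `detection_probability` is the sizing check a practitioner wants before deploying such enforcement, since a driver who omits a small fraction of tuples is caught only with probability governed by the number of independent observations.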
