On Location Privacy in Vehicular Mix-Networks
Mini-Project 2007
On Location Privacy in Vehicular Mix-Networks
Julien Freudiger
IC-29 Self-Organised Wireless and Sensor Networks
Tutors: Maxim Raya, Márk Félegyházi
Outline
1. Problem Statement
2. System Model
– Vehicular Networks
– Adversary
– Mix-zone
3. Cryptographic Mix-zones
– The CMIX protocols
4. Vehicular Mix-Networks
– Dynamic Mix-Networks
5. Results
1. Problem Statement
What location privacy?
{(p1,s1,a1), timestamp, sign, cert1,k} every 100 [ms]
{(p2,s2,a2), timestamp, sign, cert2,k} every 100 [ms]
{(p3,s3,a3), timestamp, sign, cert3,k} every 100 [ms]
{(p4,s4,a4), timestamp, sign, cert4,k} every 100 [ms]
[Figure: vehicles V1, V2, V3, V4 and two RSUs]
Our Approach
{(p1,s1,a1), timestamp, sign, cert1,k} sent by V1 every 100 [ms] under pseudonym P1,k
{(p2,s2,a2), timestamp, sign, cert2,k} sent by V2 every 100 [ms] under pseudonym P2,k
{(p3,s3,a3), timestamp, sign, cert3,k} sent by V3 every 100 [ms] under pseudonym P3,k
{(p4,s4,a4), timestamp, sign, cert4,k} sent by V4 every 100 [ms] under pseudonym P4,k
[Figure: vehicles V1, V2, V3, V4, two RSUs and two mix-zones]
• Create Mix-zones
• Use Pseudonyms
2. Vehicular Networks
• Safety messages
– position (p), speed (s) and acceleration (a)
– Time stamp
• Assume Public Key Infrastructure (PKI)
– Certification Authority (CA) distributes pseudonyms
• $P_{i,k}$ with $k = 1, \dots, F$ for vehicle i
– To each $P_{i,k}$ corresponds a public/private key pair $(K_{i,k}, K_{i,k}^{-1})$
• $P_{i,k} = H(K_{i,k})$
Adversary Model
Adversary types:
1. Weak Adversary (WA)
• Global Passive External with incomplete information
2. Strong Adversary (SA)
• Global Passive External with complete information
3. RSU Adversary
– Global Passive partially Internal with complete information
Local/Global: Monitoring area
Internal/External: Member of the network or not
Active/Passive: Alter information or not
Complete/Incomplete Information: Amount of information
Mix-Zones definition
• Goal: Obscure relation of incoming and outgoing traffic => Unlinkability
• Strong adversary observes location and time of entering/exiting events:
– Entering event: k = (n,) i.e., on road n at time
– Exiting event: l = (e,’) i.e., on road e at time ’
• Strong adversary has statistical information about mix-zones
– Location: $p_{n,e}$ = Prob(“Vehicle enters on road n and exits on road e”)
– Timing: $q_{n,e}(t)$ = Prob(“Time spent between n and e is t”)
$\Pr_{k \to l}$ = Prob(“Mapping of entering event k to exiting event l”)
[Figure: vehicles V1, V2, V4, an RSU and a mix-zone]
Mix-Zones Effectiveness
• Measure effectiveness with entropy:

$$H(v) = -\sum_{k=1}^{N} \Pr_{k \to l} \log_2\left(\Pr_{k \to l}\right)$$

where N = # of vehicles
• Maximize entropy
– High density (N)
– High unpredictability (p,q)

$$\max_{N,\; p_{n,e},\; q_{n,e}(t)} \big(H(v)\big)$$

=> Mix-zones at road intersections
3. Cryptographic Mix-Zone
• Silent Mix-zones:
– Turn off transceivers
– Unconditional security
• Cryptographic Mix-zones (CMIX):
– Encrypt Safety Messages
– Symmetric Cryptography
– Computational security
– Not user centric
Not in the scope of Vehicular Networks
Centralized CMIX Protocol
(pi,si,ai) = Safety message of vehicle i
Ts = Time stamp
Sign = Digital Signature
Certi,k = k-th Certificate of vehicle i
SK = Symmetric Key
Distributed CMIX Protocol
(pi,si,ai) = Safety message of vehicle i
Ts = Time stamp
Sign = Digital Signature
Certi,k = k-th Certificate of vehicle i
SK = Symmetric Key
Centralized CMIX Protocol
RSUs Adversary
(pi,si,ai) = Safety message of vehicle i
Ts = Time stamp
SignRing = Ring Signature
DescRing = Ring description
SK = Symmetric Key
Ring Signatures:
• Anonymous signatures based on groups
• Require public keys of all the group members
• Accountable signature scheme
4. Vehicular Mix-Networks
• Mix-network cumulative entropy for vehicle v:

$$H_{tot}(v, L) = \sum_{i=1}^{L} H_i(v)$$

where L = Length of the path
Dynamic Mix-Networks
Dynamics
• Set of traversed mix-zones always different
• Mix-zones have different $q_{n,e}(t)$
• Path length L varies for each vehicle v
– Lv ~ N(v, v)
Upper Bounds
• WA model in Vehicular Mix-zone:
– $H(v) \le \log_2(N)$
• WA model in Vehicular Mix-network:
– $E[\log_2(N)] \le \log_2(E[N])$
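Added example, not part of the original slides: computing the mix-zone entropy H(v), checking it against the log2(N) upper bound, and summing it into the cumulative entropy for a constructed 4-road intersection. The way p_{n,e} and q_{n,e}(t) are combined into Pr_{k→l} (product, normalised over the entering events), the Gaussian delay parameters and all names are assumptions made for this illustration.

```python
import math

def gaussian_pdf(t, mu, sigma):
    """Density of the assumed Gaussian delay model q_{n,e}(t)."""
    z = (t - mu) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2.0 * math.pi))

def mapping_probs(entries, exit_event, p, q):
    """Pr_{k->l} for every entering event k = (road n, time), given one
    exiting event l = (road e, time'). Assumption of this example:
    weight = p[n,e] * q[n,e](dt), normalised over all entering events."""
    e, t_exit = exit_event
    weights = []
    for n, t_in in entries:
        mu, sigma = q[(n, e)]
        dt = t_exit - t_in  # time spent inside the mix-zone
        weights.append(p[(n, e)] * gaussian_pdf(dt, mu, sigma) if dt > 0 else 0.0)
    total = sum(weights)
    if total == 0.0:
        raise ValueError("no entering event can explain this exit")
    return [w / total for w in weights]

def entropy(probs):
    """H(v) = -sum_k Pr_{k->l} log2(Pr_{k->l}), in bits."""
    return -sum(pr * math.log2(pr) for pr in probs if pr > 0.0)

def cumulative_entropy(per_zone):
    """H_tot(v, L): sum of the entropies of the L traversed mix-zones."""
    return sum(per_zone)

# Constructed sample: one 4-road intersection, uniform turning probabilities
# (p = 1/4) and a Gaussian crossing delay of 5 s +/- 1 s on every (n, e) pair.
ROADS = ["north", "east", "south", "west"]
P = {(n, e): 0.25 for n in ROADS for e in ROADS}
Q = {(n, e): (5.0, 1.0) for n in ROADS for e in ROADS}
EXIT = ("east", 6.0)
SIMULTANEOUS = [(r, 1.0) for r in ROADS]  # all four vehicles enter together
STAGGERED = [("north", 0.0), ("east", 1.0), ("south", 3.0), ("west", 5.9)]

if __name__ == "__main__":
    for name, entries in (("simultaneous", SIMULTANEOUS), ("staggered", STAGGERED)):
        h = entropy(mapping_probs(entries, EXIT, P, Q))
        bound = math.log2(len(entries))
        print(f"{name}: H(v) = {h:.3f} bits, bound log2(N) = {bound:.3f}")
```

Simultaneous entries reach the log2(N) bound; staggered entry times let the timing model separate the vehicles and the entropy drops below it.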
5. Simulation Setup
Network model
• 10X10 Manhattan network with 4 roads/intersection
• N ~ Poisson(
• ~ Uniform[0,T]
• Uniform random walk, pn,e ~ U(1/4)
• qn,e ~ N(n,e, n,e)
Metrics
• Entropy
• Cumulative Entropy
• Intersection Mapping Success Ratio (SR)
• Vehicle Mapping Success Ratio (SR)
Mix-Zone Entropy
Mix-Zone SR
Mix-Networks Entropy
Mix-Networks SR
Results - Discussion
• Achievable anonymity depends on
– Traffic conditions determine location privacy
• Resistance to privacy degradation
– Dynamic mix-networks offer good resistance
– Dynamic mix-networks are strong when
• global uniformity
• local diversity
Future Work
• Results on VANET simulator
– More realistic delay characteristics $q_{n,e}(t)$ and traffic patterns
• Extending towards user-centric location privacy
– Cooperation for privacy
– Cost of privacy
• Ring signatures
– Anonymous signatures scheme for mobile networks with non-repudiation
Conclusion
• Location privacy in vehicular networks
• Cryptographic mix-zones (CMIX)
• Dynamic mix-networks
• Bounds on anonymity
• High location privacy for various types of adversaries
Related Work
• A. R. Beresford. Mix-zones: User privacy in location-aware services. PerSec 2004
• L. Huang, K. Matsuura, H. Yamane, and K. Sezaki. Silent cascade: Enhancing location privacy without communication QoS degradation. SPC 2005
• M. Li, K. Sampigethaya, L. Huang, and R. Poovendran. Swing & Swap: User-centric Approaches Towards Maximizing Location Privacy. WPES 2006
• R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. ASIACRYPT 2001
CMIX Discussion
• Extended mix-zone
• Overlapping mix-zones
– Same SK over several mix-zones
• Attacks
– As secure as symmetric crypto
– Key establishment