Privacy of Location Information in Vehicular Ad Hoc Networks Walaa El-Din M. Moustafa.


1 Privacy of Location Information in Vehicular Ad Hoc Networks Walaa El-Din M. Moustafa

2 Smart Vehicles An important evolution for the automotive industry is the one toward context awareness. A vehicle is aware of its neighborhood including the presence and location of other vehicles.

3 Smart Vehicles Modern cars now possess a network of processors connected to a central computing platform that provides Ethernet, Bluetooth, and IEEE 802.11 interfaces.

4 Smart Vehicles Newer cars also have such features as:
- Event Data Recorder (EDR)
- GPS Receiver
- Front and End Radar for detecting obstacles

5 VANET Vehicles connected to each other through an ad hoc formation form a wireless network called a “Vehicular Ad Hoc Network”.

6 VANET

7
- Decentralized
- Self-organizing
- Multi-hop routes
- Nodes move at high speeds
- Number of nodes is very large

8 Architecture [Figure labels: Road Side Unit (RSU); V2I; V2V; Server (Location Based Service); Server (Traffic Monitoring)]

9 Applications

10

11 Obstacles A major hurdle in moving forward is that only a small subset of vehicles will be smart. V2V applications require that most vehicles be equipped with these systems.

12 Obstacles The feeling of being permanently monitored by some arbitrary authority will limit user acceptance of these schemes.

13 Privacy Threat Examples The police use hello beacons to calculate driving behavior and issue speeding tickets. An employer overhears the communications from cars in the company parking lot.

14 Privacy Threat Examples A private investigator easily follows a car without being noticed by extracting position information from messages and hello beacons.

15 First Step to Privacy In the first example, a pseudonym may be used. Unless there is a provable mapping between the pseudonym and the real-world identity, the police will have a hard time issuing a ticket.

16 First Step to Privacy In the second example, this may not be enough. The employer can correlate real-world identities and pseudonyms. Change the car’s identifiers from time to time.

17 First Step to Privacy In the third example, even these precautions would not be enough. To prevent being followed, the car’s identifier would have to be changed while moving.

18 Basic Privacy Requirements
- Use pseudonyms as identifiers instead of real-world identities.
- Change these pseudonyms. The number of pseudonym changes depends on the application and its privacy threat model.
- Pseudonyms used during communication can be mapped to real-world identities in special situations (Trusted Authority).

19 Are we missing something? [Figure labels: ID 50c7eab4, Pos (6, 6); ID d667a062, Pos (4, 4); ID cc6946d2, Pos (2, 1); ID 3b99e1f6, Pos (0, 1)]

20 Are we missing something? [Figure labels: ID c77b6e7a, Pos (-6, -6); ID c511c120, Pos (-4, -4); ID d6130970, Pos (2, 0); ID 3e086548, Pos (0, 0)]

21 Are we missing something? [Figure labels: Silent Period for A; Silent Period for B]

22 More Privacy – V2V For V2V scenarios, it is actually hard to achieve more privacy. The silent period is bounded by the maximum time between broadcast messages.

23 More Privacy – V2I For V2I applications:
- Vehicles in geographical proximity share redundant information such as road and traffic conditions.
- Not all vehicles need to send information.

24 More Privacy – V2I Vehicles form a group. Vehicles are in a group if each group member can hear broadcasts of every other group member. The group leader is doing the communication on behalf of the group.

25 More Privacy – V2I The silent period of a group member vehicle is extended. Unnecessary redundancy is reduced. The number of pseudonym updates is reduced.

26 More Privacy – LBS Pseudonyms are not enough. Most of the time, users access LBS from an “identifiable area”. E.g. “Find me the nearest Pizza Hut to 8100 Greenbelt Road” implies that you are the resident of 8100 Greenbelt Road.

27 More Privacy – LBS The request needs to be made through a proxy:
- Can be the group leader
- Can be a Location Anonymizer
A user needs to specify a cloaking region:
- It is used to hide the user among other users, so that she is indistinguishable from them.

28 More Privacy – LBS A user can specify the cloaking region through:
- Its minimum area.
- The minimum number of users inside of it. This metric is called k-anonymity.
- The distribution of users across the area.
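One way a location anonymizer can build a cloaking region from the first two criteria (minimum area and minimum number of users), as an added example that is not part of the original presentation. It assumes a square service area split into grid-aligned quadtree cells, so the returned region is not centered on the requester; the function name, extent and coordinates are constructed for illustration.

```python
def cloak(user, others, k, min_area, extent=1024.0, max_level=6):
    """Return (x0, y0, side) of the smallest grid-aligned cell that contains
    `user`, holds at least k users in total and has area >= min_area.
    Returns None when even the whole service area cannot satisfy the request.
    Assumption: the service area is the square [0, extent) x [0, extent)."""
    everyone = [user] + list(others)
    for level in range(max_level, -1, -1):        # finest cells first
        side = extent / (2 ** level)
        # Snap to the cell boundary so the region does not reveal the
        # requester's position as its center.
        x0 = (user[0] // side) * side
        y0 = (user[1] // side) * side
        inside = sum(1 for (x, y) in everyone
                     if x0 <= x < x0 + side and y0 <= y < y0 + side)
        if inside >= k and side * side >= min_area:
            return (x0, y0, side)
    return None

# Constructed sample positions (metres) known to the anonymizer.
USER = (100, 100)
OTHERS = [(105, 110), (120, 120), (200, 50), (900, 900)]

if __name__ == "__main__":
    print(cloak(USER, OTHERS, k=3, min_area=0))      # k-anonymity only
    print(cloak(USER, OTHERS, k=2, min_area=1000))   # area requirement dominates
    print(cloak(USER, OTHERS, k=4, min_area=0))      # must grow to reach 4 users
    print(cloak(USER, OTHERS, k=6, min_area=0))      # cannot be satisfied
```

The LBS server only ever sees the returned cell, never the requester's coordinates.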

29 Tracking Assume $s_{min}$, $s_{max}$ are the minimum and maximum speed limits, respectively. Assume $t_{min}$, $t_{max}$ are the minimum and maximum silent period values, respectively.

30 Tracking Given the current position, the next broadcast should take place inside the area $A_r$.

31 Privacy Measure
- Size of anonymity set: the number of users among whom the target is indistinguishable.
- The maximum tracking time: the maximum time that the size of the anonymity set remains 1.

32 Privacy Measure If $v(A_r)$ is the number of vehicles inside $A_r$:
- The expected size of the anonymity set of a target is $E\{|S_A|\} = E\{v(A_r) \mid v(A_r) \ge 1\}$
- The probability that the target can be uniquely identified at each transmission is $p_{track} = \Pr\{v(A_r) = 1 \mid v(A_r) \ge 1\}$
- The expected maximum tracking time is
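The anonymity-set size and the per-transmission tracking probability from the Tracking and Privacy Measure slides can be estimated from observed beacons. This is an added example, not part of the original presentation: it models the reachable area as the ring between s_min·t_min and s_max·t_max around the last beacon (an assumption, since the slide's figure is not available), and all pseudonyms, positions and limits are constructed.

```python
import math

def in_reachable_area(last_pos, pos, s_min, s_max, t_min, t_max):
    # Assumption: A_r is the ring s_min*t_min <= distance <= s_max*t_max
    # around the last beacon; road geometry and heading are ignored.
    d = math.dist(last_pos, pos)
    return s_min * t_min <= d <= s_max * t_max

def anonymity_set(last_pos, new_beacons, s_min, s_max, t_min, t_max):
    # Pseudonyms whose first beacon after the silent period lies in A_r.
    return sorted(pid for pid, pos in new_beacons.items()
                  if in_reachable_area(last_pos, pos, s_min, s_max, t_min, t_max))

def privacy_measures(observations, s_min, s_max, t_min, t_max):
    # Empirical E{|S_A|} and p_track, both conditioned on v(A_r) >= 1.
    sizes = [len(anonymity_set(last, beacons, s_min, s_max, t_min, t_max))
             for last, beacons in observations]
    sizes = [n for n in sizes if n >= 1]
    if not sizes:
        return None
    return sum(sizes) / len(sizes), sizes.count(1) / len(sizes)

# Constructed sample: speeds in m/s, silent period in s, so the ring is 10 m to 90 m.
LIMITS = dict(s_min=10, s_max=30, t_min=1, t_max=3)
OBSERVATIONS = [  # (last beacon of the target, first beacons of new pseudonyms)
    ((0, 0), {"p1": (40, 0), "p2": (0, 60), "p3": (200, 0)}),
    ((0, 0), {"q1": (50, 0), "q2": (5, 0)}),
    ((100, 100), {"r1": (130, 140), "r2": (100, 150),
                  "r3": (160, 100), "r4": (500, 500)}),
    ((0, 0), {"z1": (300, 0)}),   # nothing in A_r: excluded by the conditioning
]

if __name__ == "__main__":
    for last, beacons in OBSERVATIONS:
        print(last, anonymity_set(last, beacons, **LIMITS))
    print(privacy_measures(OBSERVATIONS, **LIMITS))
```

An observation with a single candidate, like the second one here, is a transmission at which the old and new pseudonyms can be linked.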

33 Is privacy always good?
Traceability due to cross-layer influence:
- Changing the pseudonym on one communication layer does not make sense if protocols on other layers also use identifiers.
Security implications:
- With pseudonyms, misbehaving nodes can evade the network without being identified.

34 Is privacy always good?
Problems with application protocols:
- There are applications that need a long-term communication relationship.
- E.g. file transfer or interactive chat sessions.
Impact on communication protocols:
- Negative effect on routing protocols due to invalid routing tables.

35 References
- J.-P. Hubaux, S. Capkun, J. Luo. The Security and Privacy of Smart Vehicles. IEEE Security and Privacy Magazine, 2(3):49-55, May-June 2004. Hubaux et al. present a broad overview of VANET security and privacy issues.
- F. Dotzer. Privacy Issues in Vehicular Ad Hoc Networks. Workshop on Privacy Enhancing Technologies, May 2005.
- K. Sampigethaya, L. Huang, M. Li, R. Poovendran, K. Matsuura, K. Sezaki. CARAVAN: Providing Location Privacy for VANET. Proceedings of the 3rd international workshop on Vehicular ad hoc networks, 2006.
- Mohamed F. Mokbel, Chi-Yin Chow and Walid G. Aref. The New Casper: Query Processing for Location Services without Compromising Privacy. In Proceedings of VLDB 2006.
- E. Schoch, F. Kargl, T. Leinmuller, S. Schlott, and P. Papadimitratos. "Impact of Pseudonym Changes on Geographic Routing in VANETs." In Proceedings of the European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS), Hamburg, Germany, October 2006.

36 Thanks !!

