DOI: 10.5555/1855768.1855789

VPriv: protecting privacy in location-based vehicular services

Published: 10 August 2009

Abstract

A variety of location-based vehicular services are currently being woven into the national transportation infrastructure in many countries. These include usage- or congestion-based road pricing, traffic law enforcement, traffic monitoring, "pay-as-you-go" insurance, and vehicle safety systems. Although such applications promise clear benefits, there are significant potential violations of the location privacy of drivers under standard implementations (i.e., GPS monitoring of cars as they drive, surveillance cameras, and toll transponders).
In this paper, we develop and evaluate VPriv, a system that can be used by several such applications without violating the location privacy of drivers. The starting point is the observation that in many applications, some centralized server needs to compute a function of a user's path, a list of time-position tuples. VPriv provides two components: 1) the first practical protocol to compute path functions for various kinds of tolling, speed and delay estimation, and insurance calculations in a way that does not reveal anything more than the result of the function to the server, and 2) an out-of-band enforcement mechanism using random spot checks that allows the server and application to handle misbehaving users. Our implementation and experimental evaluation of VPriv show that a modest infrastructure of a few multi-core PCs can easily serve 1 million cars. Using analysis and simulation based on real vehicular data collected over one year from the CarTel project's testbed of 27 taxis running in the Boston area, we demonstrate that VPriv is resistant to a range of possible attacks.

Published in: SSYM'09: Proceedings of the 18th conference on USENIX security symposium, August 2009, 432 pages

Publisher: USENIX Association, United States
