Safety and Privacy in Mobile Services (presentation transcript)


Slide 1: Safety and Privacy in Mobile Services
Qianhong Wu, Agusti Solanas and Josep Domingo-Ferrer
{qianhong.wu, agusti.solanas, josep.domingo} Universitat Rovira i Virgili, Catalonia

Slide 2: Outline
Safety and privacy in:
- Vehicular ad hoc networks (VANETs)
- Location based services (LBSs)
- RFID

Slide 3: Introduction to VANETs
- The IEEE 802.11p task group: Dedicated Short Range Communications (DSRC), supporting communications between vehicles and roadside infrastructure
- Car manufacturers and telecommunication industries are gearing up to equip each car with devices known as On-Board Units (OBUs)
- The European Union: a batch of projects to give cars the ability to communicate wirelessly with the road and among themselves. Those developing car- and road-communications systems will begin testing their wares at six sites in Europe. Experts expect the technologies to begin commercial deployment as soon as 2011.

Slide 4: Introduction to VANETs
- The motivation of VANETs is to improve
  - Public safety
  - Traffic efficiency
  - Driver assistance
  - Transportation regulation
- The preconditions are that
  - Messages from vehicles are trustworthy
  - Vehicles are cooperative
  - There is no malicious deviation

Slide 5: Security concerns in VANETs
- Safety concerns: compromising the trustworthiness of communications by
  - Producing false messages
  - Generating messages by impersonation
  - Tampering with messages
  - Jeopardizing VANETs by message flooding (not further considered here)
- Privacy concerns
  - Identity privacy
  - Driving profile
  - Location privacy
  - Linking location and identity

Slide 6: Countermeasures for securing VANETs
- A posteriori countermeasures: punitive action against vehicles that have been proven to have originated fraudulent messages
  - We must have means to identify malicious vehicles in order to take punitive action
- Privacy is usually provided in existing solutions
  - A pseudonym mechanism
  - Group signatures
  - A trusted third party can open the identities of dishonest vehicles

Slide 7: Countermeasures for securing VANETs
- A priori countermeasures: prevent the generation of fraudulent messages
  - A message is trusted if it is endorsed by many vehicles
  - This assumes that most vehicles are honest
- Privacy is rarely provided in existing solutions
  - Messages from different vehicles must be distinguishable
  - This may imply that anonymity is difficult
  - Some schemes adopt a special technique to achieve anonymity, but then anonymity cannot be revoked

Slide 8: On existing privacy-preserving VANET solutions
- A posteriori countermeasures alone are not sufficient
  - Taking strict punitive action can rule out some rational attacks
  - Taking strict punitive action cannot prevent damage
  - Taking strict punitive action cannot prevent irrational attacks

Slide 9: On existing privacy-preserving VANET solutions
- Existing solutions with a posteriori countermeasures rely on too-strong assumptions:
  - There is a majority of honest vehicles in any case
    - What happens at a scene involving organized criminals?
  - There is a universally suitable threshold
    - How to find such a universally suitable threshold?
    - Does the threshold depend on vehicle density?
    - Does the threshold depend on message significance?
    - Does the threshold depend on message urgency?
    - ...

Slide 10: On existing privacy-preserving VANET solutions
- Privacy is not very compatible with existing solutions
  - Some schemes do not provide good privacy: driving patterns can be extracted
  - The Sybil attack is possible in schemes with anonymity
  - Generating fraudulent messages is possible in privacy-preserving schemes without revocability

Slide 11: Towards a combination of a priori and a posteriori countermeasures
Security goals of the new design:
- Flexible threshold authentication
  - A vehicle can verify whether a received message has been endorsed by at least t vehicles
  - The threshold t can change dynamically according to the VANET context
- Privacy preservation
  - An attacker cannot trace the vehicles generating messages
- Identity revocability
  - Trusted parties can trace the vehicles generating fraudulent messages

Slide 12: Our new privacy-preserving VANET solution
- Message m is trusted if endorsed by t_m vehicles
  - t_m can change according to m
  - Tampered messages can be identified
  - (a priori countermeasure)
- Privacy is provided
  - The message generator is anonymous
- A third party can trace the message generators
  - Vehicles producing fraudulent messages can be punished
  - (a posteriori countermeasure)
- Fast message verification techniques are provided to improve efficiency
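The following is an added example, not code from the talk or the authors' scheme. It shows the three ingredients of slides 11 and 12 side by side: a message-dependent threshold t_m, endorsements that a tampered message invalidates, and a trusted authority that can map pseudonyms back to vehicles when a message proves fraudulent. HMAC tags stand in for the digital signatures a real scheme would use, which is why the verifier here holds the pseudonym keys (a real scheme would use public keys); the message types, thresholds and vehicle names are constructed for the illustration.

```python
"""Threshold endorsement of VANET messages with traceable pseudonyms.

Added example, not code from the slides.  HMAC tags stand in for the
signatures a real scheme would use, so the verifier here has to hold the
pseudonym keys (a real scheme uses public keys); thresholds are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed policy: base number of distinct endorsers needed per message type.
BASE_THRESHOLD = {"accident": 2, "congestion": 3, "road_closed": 4}


def threshold_for(msg_type: str, vehicle_density: int) -> int:
    """t_m for a message: grows with the number of nearby vehicles so that a
    handful of cars cannot dominate a busy road, but is capped at the density
    (otherwise no message could ever gather enough endorsements)."""
    base = BASE_THRESHOLD.get(msg_type, 5)
    return max(1, min(base + vehicle_density // 10, vehicle_density))


class TrustedAuthority:
    """Issues pseudonyms and keeps the escrow table that makes them traceable."""

    def __init__(self):
        self._escrow = {}            # pseudonym -> real vehicle id, TA only
        self.verification_keys = {}  # pseudonym -> key handed to verifiers

    def issue_pseudonym(self, vehicle_id: str):
        key = secrets.token_bytes(32)
        pseudonym = hashlib.sha256(key).hexdigest()[:16]
        self._escrow[pseudonym] = vehicle_id
        self.verification_keys[pseudonym] = key
        return pseudonym, key

    def trace(self, pseudonym: str) -> str:
        """A posteriori step: only the TA can map a pseudonym back to a vehicle."""
        return self._escrow[pseudonym]

    def distinct_vehicles(self, pseudonyms) -> int:
        """Collapse several pseudonyms of one car (Sybil check, TA side only)."""
        return len({self._escrow[p] for p in pseudonyms if p in self._escrow})


def canonical(msg_type: str, payload: str, epoch: int) -> bytes:
    return f"{msg_type}|{payload}|{epoch}".encode()


def endorse(pseudonym, key, msg_type, payload, epoch):
    """Vehicle side: endorsement tag over the canonical message."""
    tag = hmac.new(key, canonical(msg_type, payload, epoch), hashlib.sha256).hexdigest()
    return pseudonym, tag


def verify_message(ta, msg_type, payload, epoch, endorsements, vehicle_density):
    """A priori step.  Returns (accepted, distinct valid endorsers, t_m).
    A tampered payload invalidates every tag; repeated tags from one
    pseudonym are counted once because valid endorsers form a set."""
    data = canonical(msg_type, payload, epoch)
    valid = set()
    for pseudonym, tag in endorsements:
        key = ta.verification_keys.get(pseudonym)
        if key is None:
            continue  # unknown pseudonym: ignored, never counted
        expected = hmac.new(key, data, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(pseudonym)
    t_m = threshold_for(msg_type, vehicle_density)
    return len(valid) >= t_m, len(valid), t_m


def demo():
    ta = TrustedAuthority()
    cars = {vid: ta.issue_pseudonym(vid) for vid in ("car-A", "car-B", "car-C")}
    epoch, payload = 42, "km 12.3 lane 1"   # constructed message
    endorsements = [endorse(p, k, "accident", payload, epoch) for p, k in cars.values()]
    # Density 15 -> t_m = 3, so three distinct endorsers are just enough.
    ok, n, t_m = verify_message(ta, "accident", payload, epoch, endorsements, 15)
    # Tampered payload: none of the tags verify any more.
    bad_ok, bad_n, _ = verify_message(ta, "accident", "km 99.9 lane 1", epoch, endorsements, 15)
    # One car replaying its own endorsement three times still counts as one.
    sybil_ok, sybil_n, _ = verify_message(ta, "accident", payload, epoch, endorsements[:1] * 3, 15)
    # If the message later proves fraudulent, the TA traces the endorsers.
    traced = sorted(ta.trace(p) for p, _ in endorsements)
    return {"ok": ok, "n": n, "t_m": t_m, "bad_ok": bad_ok, "bad_n": bad_n,
            "sybil_ok": sybil_ok, "sybil_n": sybil_n, "traced": traced}


if __name__ == "__main__":
    print(demo())
```

The point of `threshold_for` is the one slide 9 raises: a single fixed threshold is hard to justify, so the example derives t_m from the message type and the local vehicle density. Note what the verifier cannot do on its own: a car holding several pseudonyms would pass the distinct-endorser count, and only the authority's escrow table (`distinct_vehicles`) can collapse those pseudonyms, which is exactly the tension between anonymity and the Sybil attack mentioned on slide 10.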

Slide 13: Introduction to LBSs
- A service offered to users based on their locations
- A convergence of technologies
- Popular examples
  - Providing nearby points of interest based on the real-time location of the mobile user
  - Advice on current conditions such as traffic and weather
  - Personalized dating services
  - Personalized delivery
  - Location-aware and context-sensitive advertising based on mobile user profiles and preferences
  - Providing routing and tracking information

Slide 14: Privacy threats in LBSs
- LBSs provide great convenience and flexibility for users
- To obtain a service, the user submits her (identity, location, query) to the service provider
- A malicious provider, or an attacker compromising the provider's database, can track users anytime and anywhere
- A malicious user can track other users

Slide 15: Countermeasures in LBSs
- Privacy-policy-based approach
- Pseudonym approach
- k-Anonymity
  - An anonymizer cloaks each user together with k-1 other users into a less accurate location
- Cryptographic approach: private information retrieval (PIR)

Slide 16: Privacy risks in existing privacy-preserving LBSs
- Too-strong trust assumptions
  - The policy-based solution assumes that the provider is willing and able to protect the user's privacy
  - In the TTP-based k-anonymity solution, the trust moves from the provider to the anonymizer
  - In the P2P-based k-anonymity solution, each user has to fully trust the other users in an ad hoc group

Slide 17: Privacy risks in existing privacy-preserving LBSs
Privacy risks from the attacker's a priori knowledge: a mini example
- Users: Alice, Bob, Carl; Provider: Devil; Anonymizer: Trustee
- Request: (Fakename1, Fakename2, Fakename3; cloaked region; Where is the closest restaurant? Where is the closest pharmacy? Where is the closest bus stop?)

Slide 18: Privacy risks in existing privacy-preserving LBSs
Privacy risks from the attacker's a priori knowledge: a mini example (continued)
- Points of interest in the cloaked region: one women's hospital, one gymnasium, one funeral parlor and one restaurant
- A priori knowledge: Alice is a girl. Bob is a sportsman. Carl is a man
- Inference:
  - Alice is now in the women's hospital and will go to a pharmacy
  - Bob is now in the gymnasium and may go to the restaurant in that cloaked region
  - Carl is now in the restaurant and leaving for a bus stop
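To make the mini example of slides 17 and 18 concrete, here is an added example (not code from the talk) that first builds the k-anonymous request described on slide 15, with pseudonyms, one cloaked bounding box and the batch of queries, and then runs the provider-side inference the slides describe: candidate users per query from the POIs in the region and the attacker's a priori knowledge, then elimination because each user issued exactly one query. Positions, pseudonyms, the POI attribute table and the "which query follows which POI" heuristic are all constructed for the illustration; the example assumes the provider knows which k users are inside the region, which k-anonymity by itself does not hide.

```python
"""k-anonymity cloaking of an LBS request, and the inference a provider with
a priori knowledge can still draw from it.  Added example following the
slides' mini example; positions, pseudonyms and POI attributes are constructed."""

# Constructed users: exact position (x, y) and the query each wants to send.
USERS = {
    "Alice": ((2.0, 3.0), "closest pharmacy"),
    "Bob":   ((5.0, 1.0), "closest restaurant"),
    "Carl":  ((4.0, 6.0), "closest bus stop"),
}

# Attacker's a priori knowledge about the users, as on the slide.
APRIORI = {"Alice": "woman", "Bob": "sportsman", "Carl": "man"}

# POIs inside the cloaked region and the kind of visitor each one suggests
# (constructed; a funeral parlor or restaurant tells the attacker nothing).
POIS_IN_REGION = {
    "women's hospital": {"woman"},
    "gymnasium": {"sportsman"},
    "funeral parlor": {"woman", "man", "sportsman"},
    "restaurant": {"woman", "man", "sportsman"},
}

# Attacker's heuristic: which query a visitor of each POI is likely to issue next.
QUERY_AFTER_POI = {
    "women's hospital": "closest pharmacy",
    "gymnasium": "closest restaurant",
    "restaurant": "closest bus stop",
    "funeral parlor": None,
}


def cloak(users, k):
    """Anonymizer (the 'Trustee'): k users, k pseudonyms, one bounding box
    instead of k exact positions, and the queries as an unordered batch."""
    names = sorted(users)[:k]
    xs = [users[n][0][0] for n in names]
    ys = [users[n][0][1] for n in names]
    return {
        "pseudonyms": [f"Fakename{i + 1}" for i in range(len(names))],
        "region": (min(xs), min(ys), max(xs), max(ys)),
        "queries": sorted(users[n][1] for n in names),
    }


def link_queries(request, users_in_region, apriori, pois, query_after_poi):
    """Provider-side inference: which real user issued which cloaked query.
    Assumes the provider knows which k users are in the region (k-anonymity
    only hides who asked what).  Returns {query: user} for unique links."""
    candidates = {}
    for q in request["queries"]:
        cands = set()
        for poi, follow_up in query_after_poi.items():
            if follow_up != q:
                continue
            cands.update(u for u in users_in_region if apriori[u] in pois[poi])
        candidates[q] = cands
    # Each user issued exactly one query, so a unique link removes that user
    # from every other query's candidate set; repeat until nothing changes.
    changed = True
    while changed:
        changed = False
        for q, cands in candidates.items():
            if len(cands) != 1:
                continue
            (user,) = cands
            for other_q, others in candidates.items():
                if other_q != q and user in others:
                    others.discard(user)
                    changed = True
    return {q: next(iter(c)) for q, c in candidates.items() if len(c) == 1}


def demo():
    request = cloak(USERS, k=3)
    links = link_queries(request, list(USERS), APRIORI, POIS_IN_REGION, QUERY_AFTER_POI)
    return request, links


if __name__ == "__main__":
    req, links = demo()
    print(req)
    print(links)
```

Run as is, the cloaked request carries no identity and no exact position, yet every query is linked back to a user: the pharmacy query can only come from the one user compatible with the women's hospital, the restaurant query only from the one compatible with the gymnasium, and the bus stop query falls to whoever is left. That is the failure mode the slides point at: k-anonymity reasons about the request alone, while the provider also has the map of the region and side knowledge about the users, so the defence has to account for what the cloaked queries reveal when combined with that knowledge.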

Slide 19: Privacy risks in existing privacy-preserving LBSs
Privacy risks from the privacy-preserving techniques themselves
- Location cloaking in k-anonymity: the cloaked location is larger, so more answers are returned, including more information than was requested => privacy risks for the provider and for other users
- PIR: same situation as above
- Larger k, more privacy?
  - Choosing a larger k => caring more about privacy => revealing identity information about the user?
  - Larger k => more people in the cloaked region => a better chance for a terrorist to produce more fear?
  - Smaller k => a better chance for a robber not to be witnessed?

Slide 20: Our new privacy-preserving LBS solution
It achieves the following:
- Full anonymity: k cloaked location-query pairs such that
  - An attacker cannot physically monitor two POIs in the cloaked location
  - Cloaked queries do not provide useful information for the provider
  - The effects of the provider's a priori knowledge are minimized
- A user can only learn the requested answer
  - The privacy of the provider is considered
- No requirement to modify the underlying LBS database organization or its query processing procedure
- Reasonable performance

Slide 21: RFIDs
- RFID technology is evolving fast
- The number of RFID tags is rapidly growing
- There is a need for scalable protocols that manage thousands of tags simultaneously, and securely

Slide 22: Hash-locks approach
- The RFID reader must store a growing number of tag IDs
- This approach does not scale properly

Slide 23: Collaboration-based solution
- Readers cooperate to distribute the tag IDs so that the whole system scales correctly with the number of tags
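The following added example (not the slides' protocol, and not the authors' code) illustrates slides 22 and 23 together. A randomized hash lock has the tag answer with a nonce and H(ID || r), so a reader that never sees the ID can only identify the tag by hashing every ID it stores: the work and the storage grow linearly with the tag population. A fleet of cooperating readers, each storing only the IDs of the tags it is responsible for, is then modelled in the simplest way, trying the local store first and asking neighbours on a miss. Tag IDs, the reader layout and the split of IDs across readers are constructed for the example.

```python
"""Randomized hash-lock identification: why one reader does not scale, and
how a fleet of cooperating readers splits the tag store.  Added example,
not the slides' protocol; tag IDs and the reader layout are constructed."""
import hashlib
import secrets


def hash_lock_response(tag_id: bytes):
    """Tag side: a fresh nonce r and H(ID || r).  The ID itself is never sent,
    so the reader can only identify the tag by trying every ID it stores."""
    r = secrets.token_bytes(8)
    return r, hashlib.sha256(tag_id + r).digest()


class Reader:
    def __init__(self, name: str, tag_ids):
        self.name = name
        self.tag_ids = list(tag_ids)   # IDs this reader is responsible for
        self.neighbours = []           # readers it can ask for help

    def identify_local(self, r: bytes, h: bytes):
        """Brute force over the local store.  Returns (tag id or None, hashes computed)."""
        tried = 0
        for tid in self.tag_ids:
            tried += 1
            if hashlib.sha256(tid + r).digest() == h:
                return tid, tried
        return None, tried

    def identify_collaborative(self, r: bytes, h: bytes):
        """Try locally first; on a miss ask each neighbour to scan its own store.
        Returns (tag id or None, total hashes computed, name of the reader that hit)."""
        tid, tried = self.identify_local(r, h)
        if tid is not None:
            return tid, tried, self.name
        for nb in self.neighbours:
            tid, t = nb.identify_local(r, h)
            tried += t
            if tid is not None:
                return tid, tried, nb.name
        return None, tried, None


def demo(total_tags: int = 1000, n_readers: int = 10):
    tag_ids = [f"tag-{i:04d}".encode() for i in range(total_tags)]  # constructed IDs
    central = Reader("central", tag_ids)                       # one reader, all IDs
    chunk = total_tags // n_readers                            # fleet: a slice each
    fleet = [Reader(f"R{i}", tag_ids[i * chunk:(i + 1) * chunk]) for i in range(n_readers)]
    for rd in fleet:
        rd.neighbours = [o for o in fleet if o is not rd]

    target = tag_ids[950]                 # its home reader is R9 (IDs 900..999)
    r, h = hash_lock_response(target)
    _, central_hashes = central.identify_local(r, h)
    tid, home_hashes, home_by = fleet[9].identify_collaborative(r, h)
    # The same tag read by R0: local miss, then neighbours are asked in turn.
    _, roaming_hashes, roaming_by = fleet[0].identify_collaborative(r, h)
    return {
        "identified": tid == target,
        "central_store": len(central.tag_ids), "central_hashes": central_hashes,
        "per_reader_store": len(fleet[9].tag_ids),
        "home_hashes": home_hashes, "home_by": home_by,
        "roaming_hashes": roaming_hashes, "roaming_by": roaming_by,
    }


if __name__ == "__main__":
    print(demo())
```

The numbers make the scaling argument visible: the central reader stores all 1000 IDs and computes 951 hashes to identify the chosen tag, while a fleet reader stores 100 IDs and, when the tag is read near its home reader, finishes after 51 hashes. A tag read far from home still costs 951 hashes in this naive sequential model, so the gain of cooperation in this simplification is the bounded per-reader store and the locality of most reads, not a lower worst case; how the cooperating readers are organised to do better than that is the subject of the cited architecture, which this example does not reproduce.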

Slide 24: Main references
- [RPH06] M. Raya, P. Papadimitratos and J.-P. Hubaux. Securing vehicular communications. IEEE Wireless Communications Magazine, vol. 13, no. 5, pp. 8-15, 2006.
- [RPAJ07] M. Raya, P. Papadimitratos, I. Aad, D. Jungels and J.-P. Hubaux. Eviction of misbehaving and faulty nodes in vehicular networks. IEEE Journal on Selected Areas in Communications, vol. 25, no. 8, pp. 1557-1568, 2007.
- [LSHS07] X. Lin, X. Sun, P.-H. Ho and X. Shen. GSIS: A secure and privacy preserving protocol for vehicular communications. IEEE Transactions on Vehicular Technology, vol. 56, no. 6, pp. 3442-3456, 2007.
- [GGS04] P. Golle, D. Greene and J. Staddon. Detecting and correcting malicious data in VANETs. In Proceedings of the 1st ACM International Workshop on Vehicular Ad Hoc Networks, pp. 29-37, 2004.
- [PP05] B. Parno and A. Perrig. Challenges in securing vehicular networks. In Proceedings of the ACM Workshop on Hot Topics in Networks, 2005.

Slide 25: Main references
- [RAH06] M. Raya, A. Aziz and J.-P. Hubaux. Efficient secure aggregation in VANETs. In Proceedings of the 3rd International Workshop on Vehicular Ad Hoc Networks (VANET 06), pp. 67-75, 2006.
- [DDSV08] V. Daza, J. Domingo-Ferrer, F. Sebe and A. Viejo. Trustworthy privacy preserving car-generated announcements in vehicular ad hoc networks. IEEE Transactions on Vehicular Technology, accepted, July 2008.
- [WD08] Q. Wu, J. Domingo-Ferrer and U. Gonzalez. Trustworthiness, Safety and Privacy in Vehicle-to-Vehicle Communications. Manuscript in preparation, 2008.
- [DW08] J. Domingo-Ferrer and Q. Wu. Invited talk: Safety and Privacy in Vehicular Communications. PiLBA'08, pp. 6-11. To appear in LNCS, Springer-Verlag, 2008.
- [WD08] Q. Wu, A. Solanas, J. Castella-Roca and J. Domingo-Ferrer. Formal Privacy in Location Based Services: Beyond k-Anonymity. Manuscript in preparation, 2008.

Slide 26: Main references
- [SAV08] H. Shin, V. Atluri and J. Vaidya. A Profile Anonymization Model for Privacy in a Personalized Location Based Service Environment. The Ninth International Conference on Mobile Data Management, pp. 73-80. IEEE Computer Society, 2008.
- [SM08] A. Solanas and A. Martínez-Ballesté. A TTP-Free Protocol for Location Privacy in Location-Based Services. Computer Communications, vol. 31, pp. 1181-1191, Apr 2008. ISSN: 0140-3664.
- [GL08] B. Gedik and L. Liu. Protecting location privacy with personalized k-anonymity: architecture and algorithms. IEEE Transactions on Mobile Computing, vol. 7, no. 1, pp. 1-18, 2008.
- [SMDD07] A. Solanas, A. Martínez-Ballesté, J. Domingo-Ferrer and V. Daza. A distributed architecture for scalable private RFID tag identification. Computer Networks, 51(9):2268-2279, June 2007. (1) Advances in Smart Cards and (2) Topics in Wireless Broadband Systems. Elsevier. ISSN: 1389-1286.

Slide 27: Main references
- [SC08] A. Solanas and J. Castellà-Roca. RFID technology for the health care sector. Recent Patents on Electrical Engineering, 1(1):22-31, January 2008. Bentham Science Publishers. ISSN: 1874-4761. Inaugural issue.
- [SM08] A. Solanas and J. Manjón. RFID Readers Deployment for Scalable Identification of Private Tags. Chapter in: RFID Security: Techniques, Protocols and System-On-Chip Design (Paris Kitsos and Yan Zhang, eds.). Springer-Verlag, 2008. ISBN: 978-0-38776-480-1.

