Nowhere to hide? Mix-Zones for Private Pseudonym Change using Chaff Vehicles

2018 IEEE Vehicular Networking Conference (VNC) Pub Date : 2018-12-01 DOI:10.1109/VNC.2018.8628449

Christian Vaas, M. Khodaei, Panos Papadimitratos, I. Martinovic

{"title":"Nowhere to hide? Mix-Zones for Private Pseudonym Change using Chaff Vehicles","authors":"Christian Vaas, M. Khodaei, Panos Papadimitratos, I. Martinovic","doi":"10.1109/VNC.2018.8628449","DOIUrl":null,"url":null,"abstract":"In vehicular communication systems, cooperative awareness messages provide contextual information required for transportation safety and efficiency applications. However, without the appropriate design, these messages introduce a new attack vector to compromise passenger privacy. The use of ephemeral credentials – pseudonyms – was therefore proposed, essentially to split a journey into unlinkable segments. To protect segment transitions, encrypted mix-zones provide regions where vehicles can covertly change their pseudonyms. While previous work focused on the placement, shape, and protocols for mix-zones, attacks that correlate vehicles entering and existing these zones still remain a problem. Furthermore, existing schemes have only considered homogeneous traffic, disregarding variations in vehicle density due to differences in driver population, road layout, and time of day. Without realistic experimental results, any conclusion on real-world applicability is precarious. In this paper, we address this challenge and present a novel scheme that works independent of vehicles’ mobility patterns. More precisely, our system generates fictive chaff vehicles when needed and broadcasts their traces, while it remains unobtrusive if sufficiently many vehicles are present. This greatly improves privacy protection in situations with inherently low traffic density, e.g., suburban areas, and during low traffic periods. Our scheme ensure that an external attacker cannot distinguish between real and chaff vehicles, while legitimate vehicles can recognize chaff messages; this is important, because chaff vehicles (and messages) must not affect the operation of safety applications. In our evaluation, we compare our chaff-based approach with an existing cryptographic mix-zone scheme. Our results under realistic traffic conditions show that by introducing fictive vehicles, traffic flow variations can be smoothed and privacy protection can be enhanced up to 76%.","PeriodicalId":335017,"journal":{"name":"2018 IEEE Vehicular Networking Conference (VNC)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Vehicular Networking Conference (VNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/VNC.2018.8628449","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

In vehicular communication systems, cooperative awareness messages provide contextual information required for transportation safety and efficiency applications. However, without the appropriate design, these messages introduce a new attack vector to compromise passenger privacy. The use of ephemeral credentials – pseudonyms – was therefore proposed, essentially to split a journey into unlinkable segments. To protect segment transitions, encrypted mix-zones provide regions where vehicles can covertly change their pseudonyms. While previous work focused on the placement, shape, and protocols for mix-zones, attacks that correlate vehicles entering and existing these zones still remain a problem. Furthermore, existing schemes have only considered homogeneous traffic, disregarding variations in vehicle density due to differences in driver population, road layout, and time of day. Without realistic experimental results, any conclusion on real-world applicability is precarious. In this paper, we address this challenge and present a novel scheme that works independent of vehicles’ mobility patterns. More precisely, our system generates fictive chaff vehicles when needed and broadcasts their traces, while it remains unobtrusive if sufficiently many vehicles are present. This greatly improves privacy protection in situations with inherently low traffic density, e.g., suburban areas, and during low traffic periods. Our scheme ensure that an external attacker cannot distinguish between real and chaff vehicles, while legitimate vehicles can recognize chaff messages; this is important, because chaff vehicles (and messages) must not affect the operation of safety applications. In our evaluation, we compare our chaff-based approach with an existing cryptographic mix-zone scheme. Our results under realistic traffic conditions show that by introducing fictive vehicles, traffic flow variations can be smoothed and privacy protection can be enhanced up to 76%.

查看原文本刊更多论文

无处可藏?使用箔条车辆进行私人假名更改的混合区域

在车辆通信系统中，协作感知信息提供了运输安全和效率应用所需的上下文信息。然而，如果没有适当的设计，这些消息就会引入新的攻击向量，从而危及乘客的隐私。因此，有人提议使用短暂的凭据——假名——从本质上讲，就是把旅程分成不可连接的部分。为了保护段转换，加密混合区域提供了车辆可以秘密更改其假名的区域。虽然之前的工作主要集中在混合区域的位置、形状和协议上，但将进入和存在这些区域的车辆相关联的攻击仍然是一个问题。此外，现有的方案只考虑了同质交通，而忽略了由于驾驶员人数、道路布局和一天中的时间的不同而导致的车辆密度的变化。没有真实的实验结果，任何关于现实适用性的结论都是不稳定的。在本文中，我们解决了这一挑战，并提出了一种独立于车辆移动模式的新方案。更准确地说，我们的系统在需要时产生有效的箔条车辆，并广播它们的踪迹，而如果有足够多的车辆存在，它仍然不会引人注目。这大大提高了在交通密度本来就低的情况下的隐私保护，例如郊区和交通流量低的时期。我们的方案确保外部攻击者无法区分真实车辆和箔条车辆，而合法车辆可以识别箔条消息;这一点很重要，因为箔条车辆(和信息)不能影响安全应用程序的运行。在我们的评估中，我们将基于箔条的方法与现有的加密混合区方案进行了比较。我们在现实交通条件下的结果表明，通过引入虚拟车辆，可以平滑交通流变化，并将隐私保护提高到76%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE Vehicular Networking Conference (VNC)

自引率

0.00%

发文量