Meng Li,Liehuang Zhu,Xiaodong Lin

DOI: https://doi.org/10.1109/tsc.2019.2903060

IF: 11.019

2021-11-01

IEEE Transactions on Services Computing

Abstract:Traffic monitoring system empowers cloud server and drivers to collect real-time driving information and acquire traffic conditions. However, drivers are more interested in local traffic, and sending driving reports to a faraway cloud server wastes a lot of bandwidth and incurs a long response delay. Recently, fog computing is introduced to provide location-sensitive and latency-aware local data management in vehicular crowdsensing, but it incurs new privacy concerns since drivers’ information could be disclosed. Although these messages are encrypted before transmission, malicious drivers can upload false reports to sabotage the systems, and filtering out false encrypted reports remains a challenging issue. To address the problems, we define a new security model and propose a privacy preserving traffic monitoring scheme. Specifically, we utilize short group signature to authenticate drivers in a conditionally anonymous way, adopt a range query technique to acquire driving information in a privacy-preserving way, and integrate it to the construction of a weighted proximity graph at each fog node through a WiFi challenge handshake to filter out false reports. Moreover, we use variant Bloom filters to achieve fast traffic conditions storage and retrieval. Finally, we prove security and privacy, evaluate performance with real-world cloud servers.

computer science, information systems, software engineering

Chuan Zhang,Liehuang Zhu,Jianbing Ni,Cheng Huang,Xuemin Shen

DOI: https://doi.org/10.1109/tvt.2020.3005363

IF: 6.8

2020-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsourcing-based traffic monitoring plays an important role in advanced traffic management systems due to its high accuracy and low costs, but it may expose drivers real identities and sensitive locations that results in the privacy leakage of drivers. In this paper, we propose a crowdsourcing-based traffic monitoring scheme that enables a transportation management center (TMC) to achieve traffic flow statistics at road intersections in an efficient, verifiable, and privacy-preserving manner. Specifically, by integrating a homomorphic encryption primitive and a super-increasing sequence, traffic flow can be flexibly structured and encrypted by drivers, i.e., each drivers travel direction at T-junctions or crossroads is protected. As a middle-ware between drivers and TMC, roadside units (RSUs) are introduced to aggregate and further perturb the aggregated encrypted traffic flow based on a differential privacy mechanism. In this way, TMC is capable of acquiring the traffic flow statistics by decrypting the perturbed encrypted traffic flow, without disclosing each individual drivers traffic information. In addition, based on a lightweight commitment proof, the correctness of the encrypted drivers data can be guaranteed, i.e., a selfish driver cannot arbitrarily manipulate his data to poison the aggregated traffic flow. Finally, security analysis demonstrates that the proposed scheme satisfies all desirable security properties, including confidentiality, verifiability, unlinkability, and traceability. Extensive simulations are also conducted to show that the proposed scheme is efficient in terms of low computation and communication costs.

Chuan Zhang,Liehuang Zhu,Chang Xu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1902.04663

2019-02-13

Abstract:The explosive growth of vehicle amount has given rise to a series of traffic problems, such as traffic congestion, road safety, and fuel waste. Collecting vehicles' speed information is an effective way to monitor the traffic condition and avoid vehicles being congested, which however may bring threats to vehicles' location and trajectory privacy. Motivated by the fact that traffic monitoring does not need to know each individual vehicle's speed and the average speed would be sufficient, we propose a privacy-preserving traffic monitoring (PPTM) scheme to aggregate vehicles' speeds at different locations. In PPTM, the roadside unit (RSU) collects vehicles' speed information at multiple road segments, and further cooperates with a service provider to calculate the average speed information for every road segment. To preserve vehicles' privacy, both homomorphic Paillier cryptosystem and super-increasing sequence are adopted. A comprehensive security analysis indicates that the proposed PPTM can preserve vehicles' identities, speeds, locations, and trajectories privacy from being disclosed. In addition, extensive simulations are conducted to validate the effectiveness and efficiency of the proposed PPTM scheme.

Cryptography and Security

Sashi Gurung,Dan Lin,Wei Jiang,Ali Hurson,Rui Zhang

DOI: https://doi.org/10.1145/2542666

IF: 5

2014-10-01

ACM Transactions on Intelligent Systems and Technology

Abstract:We are experiencing the expanding use of location-based services such as AT&T’s TeleNav GPS Navigator and Intel’s Thing Finder. Existing location-based services have collected a large amount of location data, which has great potential for statistical usage in applications like traffic flow analysis, infrastructure planning, and advertisement dissemination. The key challenge is how to wisely use the data without violating each user’s location privacy concerns. In this article, we first identify a new privacy problem, namely, the inference-route problem, and then present our anonymization algorithms for privacy-preserving trajectory publishing. The experimental results have demonstrated that our approach outperforms the latest related work in terms of both efficiency and effectiveness.

computer science, information systems, artificial intelligence

Yapei Huang,Yun Tian,Zhijie Liu,Xiaowei Jin,Yanan Liu,Shifeng Zhao,Daxin Tian

DOI: https://doi.org/10.1145/3391707

IF: 5

2020-08-31

ACM Transactions on Intelligent Systems and Technology

Abstract:Acquiring traffic condition information is of great significance in transportation guidance, urban planning, and route recommendation. To date, traffic density data are generally acquired by road sound analysis, video data analysis, or in-vehicle network communication, which are usually financially or temporally expensive. Another way to get traffic conditions is to collect track data by crowdsourcing. However, this way lead to a greater risk of leaking users’ privacy. To avoid the risk, this article proposes a traffic density estimation model based on crowdsourcing privacy protection. First, in the acquisition process of the track data by crowdsourcing, dual servers are employed for transmission, and homomorphic encryption is carried out to encrypt the data to protect the data from being leaked during transmission. Second, sampling is implemented for randomization and anonymization to reduce the spatial continuity and temporal continuity of position data. In this way, the intermediate server cannot acquire users’ original data, and the main server cannot obtain users’ personal information. Finally, before data transmission, Laplace noising is performed on the users’ local position data to further protect the original location information. The proposed algorithm in this study realizes that only users have their original track data, and the servers involved in the work cannot infer the original track data, which ensures the real security of user privacy. The proposed algorithm was verified with the track data from the Didi Gaia Data Opening Plan. The experimental results showed that the proposed algorithm could still maintain the validity of data analysis results and the security of user data privacy after homomorphic encryption, noise addition, and sample collection, and displayed good robustness and scalability.

computer science, information systems, artificial intelligence

Yilei Wang,Hao Zhou,Yingjie Wu,Lan Sun

DOI: https://doi.org/10.1109/iccse.2012.6295197

2012-01-01

Abstract:Recently, several techniques have been proposed to protect the user location privacy for location-based services in road network environments. A typical approach for user location privacy protection is to blur a user location into a cloaked set of road segments S such that S satisfies the user specified privacy requirements. However, these location cloaking algorithms work with snapshot locations only and do not consider the effect of continuous location updates. Applying these algorithms directly to continuous queries would lead to privacy leakage if attackers have knowledge about maximum user velocity, namely velocity-based Attack. In this paper, we present the privacy safety condition to defend against velocity-based attack, and propose an anonymity algorithm based on greedy strategy to preserve user privacy. The experiment results based on dataset of real network show the algorithm is effective and feasible.

Liehuang Zhu,Chuan Zhang,Chang Xu,Xiaojiang Du,Nadra Guizani,Kashif Sharif

DOI: https://doi.org/10.1109/mwc.001.1900123

IF: 12.777

2019-01-01

IEEE Wireless Communications

Abstract:With the explosive growth of vehicles, traffic monitoring has garnered significant attention in recent years. Collecting vehicular speed is an effective way to monitor traffic conditions and help vehicles to find optimal routes. However, further progress may be impeded due to users' privacy concerns. In addition, traffic monitoring is more difficult in a self-organizing VANET, since there is no centralized entity to collect and analyze the speed information. In this article, we mainly focus on privacy-preserving traffic monitoring in self-organizing VANETs. To address the unique features and security requirements of VANETs, we incorporate the homomorphic encryption, data perturbation, and super-increasing sequence in the proposed novel solution to resolve the challenges of efficient and privacy-preserving traffic monitoring. Security analysis shows that not only can our solution preserve vehicles' identities, locations, and data privacy, but it is also effective in mitigating collusion attacks. Moreover, experimental results confirm the efficiency of our solution in terms of computation and communication costs. Last but not least, some interesting challenges along with potential solutions are discussed, aiming to attract more research in this emerging area.

Joshua Joy,Ciaran McGoldrick,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1607.02805

2016-07-11

Cryptography and Security

Abstract:Smart cities rely on dynamic and real-time data to enable smart urban applications such as intelligent transport and epidemics detection. However, the streaming of big data from IoT devices, especially from mobile platforms like pedestrians and cars, raises significant privacy concerns. Future autonomous vehicles will generate, collect and consume significant volumes of data to be utilized in delivering safe and efficient transportation solutions. The sensed data will, inherently, contain personally identifiable and attributable information - both external (other vehicles, environmental) and internal (driver, passengers, devices). The autonomous vehicles are connected to the infrastructure cloud (e.g., Amazon), the edge cloud, and also the mobile cloud (vehicle to vehicle). Clearly these different entities must co-operate and interoperate in a timely fashion when routing and transferring the highly dynamic data. In order to maximise the availability and utility of the sensed data, stakeholders must have confidence that the data they transmit, receive, aggregate and reason on is appropriately secured and protected throughout. There are many different metaphors for providing end-to-end security for data exchanges, but they commonly require a management and control sidechannel. This work proposes a scalable smart city privacy-preserving architecture named Authorized Analytics that enables each node (e.g. vehicle) to divulge (contextually) local privatised data. Authorized Analytics is shown to scale gracefully to IoT scope deployments.

Josh Joy,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1604.04892

2016-04-17

Cryptography and Security

Abstract:In today's digital world, personal data is being continuously collected and analyzed without data owners' consent and choice. As data owners constantly generate data on their personal devices, the tension of storing private data on their own devices yet allowing third party analysts to perform aggregate analytics yields an interesting dilemma. This paper introduces PAS-MC, the first practical privacy-preserving and anonymity stream analytics system. PAS-MC ensures that each data owner locally privatizes their sensitive data before responding to analysts' queries. PAS-MC also protects against traffic analysis attacks with minimal trust vulnerabilities.We evaluate the scheme over the California Transportation Dataset and show that we can privately and anonymously stream vehicular location updates yet preserve high accuracy.

Matthew Tsao,Kaidi Yang,Karthik Gopalakrishnan,Marco Pavone

DOI: https://doi.org/10.48550/arXiv.2202.13305

2022-03-15

Abstract:Data-driven methodologies offer many exciting upsides, but they also introduce new challenges, particularly in the realm of user privacy. Specifically, the way data is collected can pose privacy risks to end users. In many routing services, a single entity (e.g., the routing service provider) collects and manages user trajectory data. When it comes to user privacy, these systems have a central point of failure since users have to trust that this entity will not sell or use their data to infer sensitive private information. Unfortunately, in practice many advertising companies offer to buy such data for the sake of targeted advertisements. With this as motivation, we study the problem of using location data for routing services in a privacy-preserving way. Rather than having users report their location to a central operator, we present a protocol in which users participate in a decentralized and privacy-preserving computation to estimate travel times for the roads in the network in a way that no individuals' location is ever observed by any other party. The protocol uses the Laplace mechanism in conjunction with secure multi-party computation to ensure that it is cryptogrpahically secure and that its output is differentially private. A natural question is if privacy necessitates degradation in accuracy or system performance. We show that if a road has sufficiently high capacity, then the travel time estimated by our protocol is provably close to the ground truth travel time. We validate the protocol through numerical experiments which show that using the protocol as a routing service provides privacy guarantees with minimal overhead to user travel time.

Cryptography and Security,Systems and Control

Josh Joy,Dylan Gray,Ciaran McGoldrick,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1710.03322

2018-02-22

Abstract:Future autonomous vehicles will generate, collect, aggregate and consume significant volumes of data as key gateway devices in emerging Internet of Things scenarios. While vehicles are widely accepted as one of the most challenging mobility contexts in which to achieve effective data communications, less attention has been paid to the privacy of data emerging from these vehicles. The quality and usability of such privatized data will lie at the heart of future safe and efficient transportation solutions. In this paper, we present the XYZ Privacy mechanism. XYZ Privacy is to our knowledge the first such mechanism that enables data creators to submit multiple contradictory responses to a query, whilst preserving utility measured as the absolute error from the actual original data. The functionalities are achieved in both a scalable and secure fashion. For instance, individual location data can be obfuscated while preserving utility, thereby enabling the scheme to transparently integrate with existing systems (e.g. Waze). A new cryptographic primitive Function Secret Sharing is used to achieve non-attributable writes and we show an order of magnitude improvement from the default implementation.

Cryptography and Security

Meisam Mohammady,Reza Arablouei

DOI: https://doi.org/10.14722/vehiclesec.2023.23052

2023-02-20

Abstract:We estimate vehicular traffic states from multimodal data collected by single-loop detectors while preserving the privacy of the individual vehicles contributing to the data. To this end, we propose a novel hybrid differential privacy (DP) approach that utilizes minimal randomization to preserve privacy by taking advantage of the relevant traffic state dynamics and the concept of DP sensitivity. Through theoretical analysis and experiments with real-world data, we show that the proposed approach significantly outperforms the related baseline non-private and private approaches in terms of accuracy and privacy preservation.

Cryptography and Security,Systems and Control,Statistics Theory,Methodology

Hongning Li,Tonghui Hu,Jiexiong Chen,Xiuqiang Wu,Qingqi Pei,Debiao He

DOI: https://doi.org/10.23919/cje.2022.00.007

IF: 1.019

2024-01-01

Chinese Journal of Electronics

Abstract:The scarcity of spectrum resources fails to meet the increasing throughput demands of vehicular networks. There is an urgent need to maximize the utilization of spectrum bands in mobile networks. To ascertain the availability of spectrum bands, users should engage in wireless channel sensing and collaboration. However, spectrum sensing data always involves users' privacy, such as their location. This paper first introduces sensing trajectory inference attack in cognitive vehicular networks and then proposes a data confusion-based privacy-preserving algorithm and a cryptonym array-based privacy-preserving aggregation scheme for spectrum sensing in cognitive vehicular networks. Unlike existing methods, the proposed schemes transmit confused data during the aggregation process. This deliberate obfuscation makes it almost impossible to infer users' location from the transmitted data. The analysis demonstrates the resilience of the proposed schemes against sensing trajectory inference attack.

engineering, electrical & electronic

Huan Gao,Zhaojian Li,Yongqiang Wang

DOI: https://doi.org/10.48550/arXiv.2008.02928

2020-08-07

Systems and Control

Abstract:Road information such as road profile and traffic density have been widely used in intelligent vehicle systems to improve road safety, ride comfort, and fuel economy. However, vehicle heterogeneity and parameter uncertainty make it extremely difficult for a single vehicle to accurately and reliably measure such information. In this work, we propose a unified framework for learning-based collaborative estimation to fuse local road estimation from a fleet of connected heterogeneous vehicles. The collaborative estimation scheme exploits the sequential measurements made by multiple vehicles traversing the same road segment and let these vehicles relay a learning signal to iteratively refine local estimations. Given that the privacy of individual vehicles' identity must be protected in collaborative estimation, we directly incorporate privacy-protection design into the collaborative estimation design and establish a unified framework for privacy-preserving collaborative estimation. Different from patching conventional privacy mechanisms like differential privacy which will compromise algorithmic accuracy or homomorphic encryption which will incur heavy communication/computational overhead, we leverage the dynamical properties of collective estimation to enable inherent privacy protection without sacrificing accuracy or significantly increasing communication/computation overhead. Numerical simulations confirm the effectiveness and efficiency of our proposed framework.

Qilong Han,Qianqian Chen,Kejia Zhang,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.48550/arXiv.1804.02052

2018-04-05

Cryptography and Security

Abstract:Collection of user's location and trajectory information that contains rich personal privacy in mobile social networks has become easier for attackers. Network traffic control is an important network system which can solve some security and privacy problems. In this paper, we consider a network traffic control system as a trusted third party and use differential privacy for protecting more personal trajectory data. We studied the influence of the high dimensionality and sparsity of trajectory data sets based on the availability of the published results. Based on similarity point aggregation reconstruction ideas and a prefix tree model, we proposed a hybrid publishing method of differential privacy spatiotemporal trajectory data sets APTB.

George Drosatos,Pavlos S. Efraimidis,Ioannis N. Athanasiadis,Matthias Stevens,Ellie D’Hondt

DOI: https://doi.org/10.1016/j.jss.2014.01.035

IF: 3.5

2014-06-01

Journal of Systems and Software

Abstract:This paper presents a privacy-preserving system for participatory sensing, which relies on cryptographic techniques and distributed computations in the cloud. Each individual user is represented by a personal software agent, deployed in the cloud, where it collaborates on distributed computations without loss of privacy, including with respect to the cloud service providers. We present a generic system architecture involving a cryptographic protocol based on a homomorphic encryption scheme for aggregating sensing data into maps, and demonstrate security in the Honest-But-Curious model both for the users and the cloud service providers. We validate our system in the context of NoiseTube, a participatory sensing framework for noise pollution, presenting experiments with real and artificially generated data sets, and a demo on a heterogeneous set of commercial cloud providers. To the best of our knowledge our system is the first operational privacy-preserving system for participatory sensing. While our validation pertains to the noise domain, the approach used is applicable in any crowd-sourcing application relying on location-based contributions of citizens where maps are produced by aggregating data – also beyond the domain of environmental monitoring.

computer science, theory & methods, software engineering

Wentian Chen,Kai Zhang,Zhiheng Li

DOI: https://doi.org/10.1109/ieem.2018.8607826

2018-01-01

Abstract:In this era of big data, the conflict between data acquisition and privacy protection has attracted great attention. This paper proposes a Traffic Voting System (TVS) to help collect trip chain data and encourage travelers to share their information voluntarily. Travelers in the TVS will probably choose to share their travel information in exchange of less waiting time, as is proved by game theories. Trip chain data are collected by the TVS and this type of data is quite useful in traffic design and management. A comparison of TVS and other two similar systems is introduced in this paper. It is illustrated that the TVS is a traveler-centric system and is robust to deal with many complex situations in the traffic system.

Ren-Hung Hwang,Yu-Ling Hsueh,Hao-Wei Chung

DOI: https://doi.org/10.1109/tsc.2013.55

IF: 11.019

2014-04-01

IEEE Transactions on Services Computing

Abstract:Location-based services (LBS) which bring so much convenience to our daily life have been intensively studied over the years. Generally, an LBS query processing can be categorized into snapshot and continuous queries which access user location information and return search results to the users. An LBS has full control of the location information, causing user privacy concerns. If an LBS provider has a malicious intention to breach the user privacy by tracking the users' routes to their destinations, it incurs a serious threat. Most existing techniques have addressed privacy protection mainly for snapshot queries. However, providing privacy protection for continuous queries is of importance, since a malicious LBS can easily obtain complete user privacy information by observing a sequence of successive query requests. In this paper, we propose a comprehensive trajectory privacy technique and combine ambient conditions to cloak location information based on the user privacy profile to avoid a malicious LBS reconstructing a user trajectory. We first propose an r-anonymity mechanism which preprocesses a set of similar trajectories R to blur the actual trajectory of a service user. We then combine k-anonymity with s road segments to protect the user's privacy. We introduce a novel time-obfuscated technique which breaks the sequence of the query issuing time for a service user to confuse the LBS so it does not know the user trajectory, by sending a query randomly from a set of locations residing at the different trajectories in R. Despite the randomness incurred from the obfuscation process for providing strong trajectory privacy protection, the experimental results show that our trajectory privacy technique maintains the correctness of the query results at a competitive computational cost.

computer science, information systems, software engineering

Christopher Bian,Albert Cheu,Yannis Guzman,Marco Gruteser,Peter Kairouz,Ryan McKenna,Edo Roth

2024-07-04

Abstract:Environmental Insights Explorer (EIE) is a Google product that reports aggregate statistics about human mobility, including various methods of transit used by people across roughly 50,000 regions globally. These statistics are used to estimate carbon emissions and provided to policymakers to inform their decisions on transportation policy and infrastructure. Due to the inherent sensitivity of this type of user data, it is crucial that the statistics derived and released from it are computed with appropriate privacy protections. In this work, we use a combination of federated analytics and differential privacy to release these required statistics, while operating under strict error constraints to ensure utility for downstream stakeholders. In this work, we propose a new mechanism that achieves $ \epsilon \approx 2 $-DP while satisfying these strict utility constraints, greatly improving over natural baselines. We believe this mechanism may be of more general interest for the broad class of group-by-sum workloads.

Cryptography and Security,Databases

Cheng Wei,Tao Wu,Xingyu Liu,Shuo Xiong

DOI: https://doi.org/10.1109/access.2022.3150839

IF: 3.9

2022-01-01

IEEE Access

Abstract:With the occurrence of information leakage events of online ride-hailing, the information security of Internet of Vehicles has been highly valued by the society. Once the information of the Internet of Vehicles is exposed by the online ride-hailing platform or stolen by hackers, it will pose a fatal threat to the personal and property safety of users, and even cause a major information security accident to the whole society. Based on a post-quantum cryptography system, this paper proposes a practical privacy protection scheme for ride-hailing route information, which can present the complete statistical aggregation operation of the route and the frequency from the starting point to the destination without the visibility of the ride-hailing platform, and ensure the data privacy security of a single vehicle. Compared with representative multi-vehicle aggregation solutions, we not only guarantee message privacy, confidentiality, integrity, forward and backward security, anti-man in attack and anti-redial attack, but also achieve multi-dimensional aggregation, CCA security and anti-quantum attack. Through the analysis of the experiment, the cost of our scheme is reasonable. Therefore, the scheme is more practical in this scenario.

computer science, information systems,telecommunications,engineering, electrical & electronic