Formal Analysis of Privacy for Vehicular Mix-Zones

Dahl, Morten; Delaune, Stéphanie; Steel, Graham

doi:10.1007/978-3-642-15497-3_4

Cited by 26 publications

(13 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second simplifying abstraction appears to be reasonable since TPMs can be simulated by the adversarial context. Indeed, this is a typical simplification in symbolic models, for example, definitions of ballot secrecy for electronic voting [KR05, DKR06, BHM08] and privacy for vehicular ad hoc networks [DDS10] also fix the set of honest participants. However, it is unknown if these simplifications are sound.…”

Section: Linkmentioning

confidence: 99%

Formal analysis of privacy in Direct Anonymous Attestation schemes

Smyth

Ryan

Chen

2015

Science of Computer Programming

View full text Add to dashboard Cite

This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSAbased Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy.

show abstract

Section: Linkmentioning

confidence: 99%

Formal analysis of privacy in Direct Anonymous Attestation schemes

Smyth

Ryan

Chen

2015

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…Equivalences have already been used to model privacy properties in formal analysis for e.g. vehicular mix-zones [10] and electronic voting [11,15]. The precise notion used is often observational equivalence but as we will explain, it happens that this notion is too strong to analyse interactive zero-knowledge protocols.…”

Section: Privacy For Interactive Zero-knowledge Protocolsmentioning

confidence: 99%

“…In this paper, we bring the privacy analysis of location-based services into the world of formal methods, leveraging previous work on privacy for vehicular mix-zones [10], electronic voting [11,15], and RFID tags [3,8]. In particular, we concentrate on VPriv [7], a proposed scheme for building location-based services using zero-knowledge techniques, designed to ensure that the paths of drivers are not revealed to the service providers, while nonetheless preventing drivers from reporting fake paths.…”

Section: Introductionmentioning

confidence: 99%

Formal Analysis of Privacy for Anonymous Location Based Services

Dahl

Delaune

Steel

2012

Theory of Security and Applications

Self Cite

View full text Add to dashboard Cite

Abstract. We propose a framework for formal analysis of privacy in location based services such as anonymous electronic toll collection. We give a formal definition of privacy, and apply it to the VPriv scheme for vehicular services. We analyse the resulting model using the ProVerif tool, concluding that our privacy property holds only if certain conditions are met by the implementation. Our analysis includes some novel features such as the formal modelling of privacy for a protocol that relies on interactive zero-knowledge proofs of knowledge and list permutations.

show abstract

“…Given the presence of a global passive adversary, Freudiger et al [6] proposed the CMIX protocol to create cryptographic mix zones at road intersections. Dahl et al [20] improved the cryptographic approach by fixing the key establishment protocol in CMIX. A more sophisticated protocol, MobiMix [7], improved attack resilience by considering various factors, e.g., traffic density, user moving patterns, and etc.…”

Section: Related Workmentioning

confidence: 99%

Traffic-aware multiple mix zone placement for protecting location privacy

Liu

Zhao

Pan

et al. 2012

2012 Proceedings IEEE INFOCOM

View full text Add to dashboard Cite

Abstract-Privacy protection is of critical concern to LocationBased Service (LBS) users in mobile networks. Long-term pseudonyms, although appear to be anonymous, in fact empower third-party service providers to continuously track users' movements. Researchers have proposed the mix zone model to allow pseudonym changes in protected areas. In this paper, we investigate a new form of privacy attack to the LBS system that an adversary reveals a user's true identity and complete moving trajectory with the aid of side information. We propose a new metric to quantify the system's resilience to such attacks, and suggest using multiple mix zones to tackle this problem. A mathematical model is presented that treats the deployment of multiple mix zones as a cost constrained optimization problem. Furthermore, the influence of traffic density is also taken into account to enhance the protection effectiveness. The placement optimization problem is NP-hard. We therefore design two heuristic algorithms as practical and effective means to strategically select mix zone locations, and consequently reduce the privacy risks of mobile users trajectories. The effectiveness of our proposed solutions is demonstrated through extensive simulations on real-world mobile user data traces.

show abstract

Formal Analysis of Privacy for Vehicular Mix-Zones

Cited by 26 publications

References 14 publications

Formal analysis of privacy in Direct Anonymous Attestation schemes

Formal analysis of privacy in Direct Anonymous Attestation schemes

Formal Analysis of Privacy for Anonymous Location Based Services

Traffic-aware multiple mix zone placement for protecting location privacy

Contact Info

Product

Resources

About