Document Sample
here Powered By Docstoc
					Wireless Location Privacy
  In Vehicular Ad-hoc

                                                                                                                      Presented by:
                                                                                                                      Vinay Amrit
                                                                                                                      A grim Nigam
( B a s e d o n r e s e a r c h w o r k o f J o o - H a n S o n g , V i n c e n t W. S . Wo n g , a n d V i c t o r
                                                 C.M. Leung)
                                                                                                                      Gurusewak Kalra
                      What Is VANET?

 Modern day vehicles are “ Networks on the Wheel”.
 Vehicular Communication System (VCS )
 V2V and V2I are “ad-hoc" in nature.
 Advantages of VCS: Information sharing, Co -operative driving,
  Navigation, Internet access etc.
 Significant progress has been made in Intelligent Transportation
  System(ITS) which makes driving environment safe and efficient .
 For ITS, each vehicle needs to periodically broadcast an
  authenticated safety message, which includes its verifiable identity,
  its current location, speed, and acceleration.
 This Dedicated Short Range Communication System is Vehicular Ad-
  hoc Network.

 Broadcast messages may be used by the adversaries for
  unauthorized location tracking.

 Broadcast messages can be used by attackers to determine the
  locations visited by the vehicles over a period of time using an
  external Wi-Fi network.

 Protecting the location privacy of vehicles is important.

 Lack of privacy may hinder the wide acceptance of VANET

 Policy-based scheme:
 Vehicles specify their location privacy preferences as policies and
  trust that the third party location-based service (LBS) providers
  adhere to these policies.
 Anonymity-based scheme:
 Vehicle mitigates by using a randomly chosen and changing
  identifier, called the pseudonym.
 Pseudonyms may be a set of public keys, network layer addresses
  or link layer addresses and has a predefined generation scheme.
 A solution to protecting the privacy of VANET.
 Changing pseudonym at only one layer pose as an attacker can
  link pseudonyms using the unchanged address at the other layer.

 AMOEBA is a location privacy enhancement scheme.
 Adds random silent period between update of pseudonyms for V2V
 Road networks are classified into Observed Zones & Unobserved
 Zones or Mix Zones.
 Mix Zones are predetermined locations where the vehicles vary
 their directions, speeds and their pseudonyms.
 Difficulty to trace the vehicles that emerge from the mix zone.
 CMIX (Cryptographic MIX-zone), each vehicle obtains a
 public/private key pair from certificate authority (CA) via the road-
 side unit (RSU), to encrypt all messages while they are within the
 mix zone

 K-anonymity   is   the   proposed   location   privacy    enhancement
 Protects location    information    through    spatial   and   temporal
 Considers the neighboring vehicle density as the triggering factor
  for updating the pseudonym.
 Vehicle updates its pseudonym only when there are at least k−1
  distinct neighboring vehicles.
 The beacon message will not be broadcast by the vehicle until a
  certain number of other vehicles have visited the same location.
 The goal is to minimize the probability of successful location
  tracking of a target vehicle by an adversary.

      The density zone consists of M
       ports and N intersections .
      All vehicles can enter and exit the
      density zone only via these ports.
      An intersection is a road junction
       where two or more roads either
       meet or cross.
      k-density zone of vehicle v is the
       area where at least k−1 distinct
       neighboring vehicles always exist .

 GPA aims to locate and track the target vehicles               by
  eavesdropping on their authenticated safety broadcast.
 GPA leverages the deployed infrastructure and utilizes the
  adversarial RSU deployed to track the movement of the target.
 GPA cannot distinguish the target vehicle from other vehicles
  within the density zone due to the change of pseudonym.
 GPA can observe entering and exiting events of vehicles where
  an event is a pair consisting of a port number and a time stamp
  by installing radio receivers at opportune location.
 GPA can attempt to link an entering vehicle and an exiting
  vehicle with certain success probability using delay distribution.

After entering the density zone via port i, each vehicle
 travels at a distance di with constant speed Si which is
 chosen independently from a normal distribution.
From an empirical study on the real freeway traffic can
 can determine inter-arrival time of vehicles to port.
At the intersection, each vehicle chooses the output
 port j with a probability, which can also be estimated.
Similarly, using mathematical models the average signal
 delay can also be determined.

 Vehicles share information      by   broadcasting   local   beacon
  messages periodically.
 A beacon message is a short packet with the current pseudonym
  and location information of the vehicle.
 The default beacon interval in 802.11-based networks is 100 ms.
 Δt is a configurable parameter for various speed of vehicles.
 Each vehicle v determines its or neighboring vehicle count by
  listening for beacon messages from its neighbors.
 This ensures that each vehicle triggers a pseudonym change only
  if there are at least k−1 neighboring vehicles.
 Failure to detect transmission within a predefined timeout value,
  result in decrement of neighboring vehicle count.

 Adversary can observe the entering and exit events
  corresponding to vehicles entering and exiting the density zones
 An entering event consists of the port where the vehicle entered
  the density zone, and the time when it happened.
 An exit event consists of the port where the vehicle left the
  density zone, and the time when it happened.
 The objective of an adversary is to relate exit events to entering
 The adversary may select a target vehicle v and tracks its
  movement until it enters the density zone.
 Within the density zone, the target vehicle may change its
  pseudonym if it satisfies the criteria in the DLP scheme.

 The metric used in proposed model is the probability of
  successful tracking of a target vehicle by an adversary when
  making its decision.
 If the success probability is large, the density zone and changing
  pseudonyms are ineffective
 If the success probability is small, then tracking is difficult and
  the system ensures location privacy.
 The probability of successful tracking cannot be determined
  analytically due to the complexity of the model.
 Simulated runs has been used to determine its empirical value in
  realistic situations.

 Network Topology: A density zone is composed of one intersection
  and four road segments in each direction.
 Mobility Pattern: All vehicles within the density zone are assumed to
  travel at a constant speed given at each segment. At the
  intersection, all vehicles experience the delay based on the signal
  logic of intersection.
 For each exiting vehicle, the adversary chooses a vehicle which can
  minimize the time difference between the average delay.
 Total delay is inversely proportional to the speed of vehicles.
 With an increase in variance of vehicles speed increases, the
  variance of total delay decreases.
 This makes it difficult to find a target vehicle with the highest
  probability as the variance of vehicles’ speed increases.

 Effectiveness of changing pseudonyms to provide location privacy in
 Delay model of vehicles in the density zone to demonstrate the
  effectiveness of changing pseudonyms.
 For evalution, an assumption was made that the adversary has sufficient
  knowledge of delay in density zone.
 Based on this information, an adversary may try to select a vehicle which
  exits the density zone to the target vehicle that entered it earlier.
 Extensive simulation result study shows the probability of successful
  tracking of a target vehicle by an adversary under different scenarios.
 Proposed DLP scheme has a better performance than both Mix-Zone and
  AMOEBA with random silent period in terms of a lower probability of
  successful tracking by an adversary.
 DLP scheme can mitigate the location tracking of vehicles by changing
  pseudonyms based on a threshold in neighboring vehicle count within a
  density zone.

Based on research work of Joo-Han Song, Vincent W.S. Wong, and Victor C.M.

                             Thank You!

Shared By:
jiang lifang jiang lifang