Anonymous Electronic Toll Collection

					                                      IGNSS 2007 Symposium on GPS/GNSS
                                                      4-6 December 2007








                   Muhammad Usman Iqbal
                           Samsung Lim
             The University of New South Wales


  School of Surveying & Spatial Information Systems
  The University of New South Wales, Australia
Mobility Pricing vs. Location Privacy




[Figure labels: GPS-based insurance; vehicle parked; significant location]




  Author: Iqbal & Lim   IGNSS 4-6 December 2007 ,UNSW, Sydney Australia   Page 2
             Current Toll Operation




               Electronic Toll Collection




• The convenience of a faster trip comes at the cost of anonymity
• Storing identifying data opens the possibility of function creep


Melbourne CityLink’s Credit Card Breach

• An employee passed customer credit card details for internet shopping sprees

• Federal Privacy Commissioner conducted review
  – Made suggestions to improve security
  – Suggestions don’t guarantee against future breaches


    Federal Legislation and Standards

“Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation” (NPP 8, Federal Privacy Law)

“The operator should provide customers and patrons with the option of anonymous operation on either a permanent or casual basis.” (Recommendation 4, AS 4721)

                  Melbourne CityLink




• Anonymous operation widely publicised
• Documents in Victorian Parliament
• ‘Anonymous’ non-existent on Transurban’s website

               Highway 407, Canada




• Ontario Privacy Commissioner’s Guidelines
• 4 in 6 Million anonymous transponders
• ‘Not popular’ vs. ‘Unrealistic administrative burdens’

              Countering Arguments

NPP not applicable to State Government entities (e.g. Eastern Distributor)

An organisation must not collect personal information unless the information is necessary for one or more of its functions or activities (NPP 8, Federal Privacy Law)


                      (non) Compliance

 Provider                   NPP 8                       AS - 4721




                        Other ETC Systems

• Dynicash
  – David Chaum’s Blind Digital Signatures
  – Implemented in Denmark and Japan
  – Unsuccessful

• All of them prepaid



                          Research Aims


•   Cryptographic Techniques
•   Develop anonymous payment protocol
•   Post-paid
•   Minimise Video-based enforcement




Cryptographic Tools – Zero Knowledge Proofs





Cryptographic Tools – Blind Digital Signatures




                        Protocol Entities



• Motorist
• Toll operator
• Toll Gantry
• Visual Enforcement

                      Protocol Design


• Registration
• Event
• Reconciliation



                      Registration




                      Toll Event




[Diagram labels: spatio-temporal info stripped; position + time; spent + spatio-temporal info; accounts receivable]
Payment / Debt Collection

Using zero-knowledge proof technology, the Motorist and Toll Collection reconcile their accounts.
The same procedure is followed for the next billing cycle.



                         Protocol Operation

• Toll Company only knows about digital
  signature (fingerprint) of the list of identities
• Toll Gantry receives a different ID for storage
• Motorist’s location cannot be tracked
• Credit-card/Pre-auth like post-pay mechanism
• Motorist who doesn’t engage in debt collection
  forfeits right to travel in future


                          Concluding Remarks


• Anonymous Post-pay ETC is possible
• Legislation and Standards support it
• A technical solution to a social problem
• Encourages ETC providers to design ‘privacy-respecting’ solutions
• Future work: Implement prototype

                        Acknowledgement

• This work is supported by Omnilink Pty Ltd.




            Thank you for your time!

• Questions?



