PPLS: A Privacy-Preserving Location-Sharing Scheme in Vehicular Social Networks

04/06/2018 ∙ by Chang Xu, et al. ∙ Beijing Institute of Technology 0

Recent advances in Socially Aware Networks (SANs) have allowed its use in many domains, out of which social Internet of vehicles (SIOV) is of prime importance. SANs can provide a promising routing and forwarding paradigm for SIOV by using interest-based communication. Though able to improve the forwarding performance, existing interest-based schemes fail to consider the important issue of protecting users' interest information. In this paper, we propose a PRivacy-preserving Interest-based Forwarding scheme (PRIF) for SIOV, which not only protects the interest information, but also improves the forwarding performance. We propose a privacy-preserving authentication protocol to recognize communities among mobile nodes. During data routing and forwarding, a node can know others' interests only if they are affiliated with the same community. Moreover, to improve forwarding performance, a new metric community energy is introduced to indicate vehicular social proximity. Community energy is generated when two nodes encounter one another and information is shared among them. PRIF considers this energy metric to select forwarders towards the destination node or the destination community. Security analysis indicates PRIF can protect nodes' interest information. In addition, extensive simulations have been conducted to demonstrate that PRIF outperforms the existing algorithms including the BEEINFO, Epidemic, and PRoPHET.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 5

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

With the fast development & deployment of mobile computing, vehicular ad hoc networks have become important data transmission platforms and greatly promote the realization of Intelligent Transport System (ITS). Recently, the application goal of vehicular ad hoc networks JamilJUR17 transforms from simply improving the safety of road traffic and the efficiency of transportation to vehicular social networks (VSNs), which deeply integrates the Internet of Vehicles (IoVs) HaouariMSBG17 and social networks. Through VSNs, vehicles can experience more comprehensive services.

VSNs can provide various services SedjelmaciSA14 ; zhang2017inbar , including location-based services (LBSs). In LBSs, geographical locations of vehicles are exploited to provide information and entertainment services, since the location of a vehicle usually represents its contextual information DBLP:journals/wicomm/HoangLNW13 . As millions of applications based on LBSs are available, vehicles can easily obtain information such as restaurants, hotels, etc. In fact, as a fundamental component of VSNs, LBSs have become increasingly popular and important.

While enjoying the convenience of location-based services, the privacy threats should not be ignored DuC08 . Especially after some research work huang2014achieving ; wu2014mobifish ; wu2014security revealing horrifying security and privacy issues which have caused serious public concerns. In LBSs, users are expected to update their real-time location information and share it for better services. However, disclosing the location information is dangerous, since an adversary can track an individual and infer his/her preferences. This threat becomes more serious in VSNs as vehicles’ location can be correlated with their profiles DBLP:conf/interact/BarkhuusD03 . Hence, it is essential to protect vehicles’ location privacy ChenZDFLY12 ; ZhangXYD16 ; ZhangXZSD15 in VSNs.

To address these problems, a series of research works have been performed. A MobiShare system was presented by Wei et al. Wei2012MobiShare , allowing users to share location information flexibly. Inspired by Wei2012MobiShare , Shen et al. shen2016efficient ; DBLP:conf/3pgcic/LiuLCLJ13 proposed a system called N-Mobishare. Li et al. li2014mobishare proposed MobiShare+ which reduces the security risk of MobiShare. In 2016, Liu et al. liu2016n provided a system called BMobishare. Recently, Li et al. DBLP:journals/sj/LiYLCHW17 proposed a more secure location-sharing scheme. The aforementioned systems support two kinds of queries, i.e., friends’ queries and strangers’ queries, and also satisfy access control policy. Aside from all listed above, du2009transactions ; xiao2007survey ; du2007effective also provide efficient way for key management which bring support for cryptographic solutions.

However, these mechanisms are not perfect. Firstly, the threshold distance is a personal preference of each vehicle (to establish a social circle), but this is used as public information for location service entities in the system. When the threshold distance set by a vehicle is a special number, or the threshold distances set for different targets are in a special data group, the adversary can track the data or data group to identify vehicles. Secondly, threshold distance is used by a vehicle to determine with whom they are willing to share locations. Some schemes use broadcast encryption to share personal location information, which violates the distance-based access control policy. Finally, it is far from actual application requirements that all systems mentioned above use a single threshold distance for all friends. Vehicles may wish to set different threshold distances for different friends.

Our contributions: Motivated by these issues, we propose a privacy-preserving location-sharing scheme in VSNs, namely PPLS. The contributions are described as follows.

  1. In previous research, a vehicle can only set a single threshold distance for all friends. However, this setting does not meet the actual needs. To improve the practicability of the system, our scheme allows vehicles to set different threshold distances for different friends. In our scheme, vehicles can use a more flexible strategy to achieve access control.

  2. Since existing works do not consider the privacy of the threshold distance, an adversary can easily collect threshold distances to get more personal information of vehicles. To overcome this defect, we propose a new secure distance comparison protocol to execute encrypted distance comparison and prevent location servers from determining this sensitive data.

  3. Based on the proposed secure distance comparison protocol, we propose the PPLS scheme. In PPLS, vehicles are allowed to set different threshold distances for different friends, and broadcast encryption is not used, while diverse queries are used for information retrieval.

This paper is organized in the following sections. In Section 2, we provide the system models and design goals. In Section 3, we present the building blocks including the proposed secure distance comparison protocol. Section 4 introduces the PPLS scheme and Section 5 gives its security analysis. In Section 6, performance analysis is provided. Finally, we draw a conclusion in Section 7.

2 System Models and Design Goals

This section presents the formal system architecture, system work flows, and the threat model for location privacy. We also identify and list the security goals for the proposed scheme.

2.1 System Architecture

The system architecture is depicted in Figure 1 where four main entities interact with each other.

Vehicles

The vehicles of VSNs, can communicate with roadside units (RSUs) directly. They can get their own locations from GPS and request for locations of specific friends, nearby friends and strangers.

RSUs

After RSUs receive requests from vehicles, they forward them towards the social network server, then return the received responses to vehicles.

Social network server (SNS)

SNS is responsible for managing vehicles’ social relationships, such as profiles and friend lists. SNS can communicate with RSUs and location servers directly.

Location servers (LSs)

These servers primarily manage vehicles’ location information. They calculate location distances and related tasks of finding vehicles within a certain area, which are assigned by SNS. LSs communicate with SNS directly, but different LSs are not allowed to cooperate with each other for information exchange.

Figure 1: System architecture

Constraints: In our system, SNS should not be aware of the vehicle locations. Moreover, LSs are not aware about vehicles’ identity-related information. Vehicles may submit three types of queries: 1) request for particular friends’ locations, 2) request for nearby friends’ locations, and 3) request for nearby strangers’ locations.

2.2 System Workflows

In light of the proposed architecture, five main workflows are defined.

  1. Vehicles must initially register with SNS for location based service. The registration process requires submitting personal identification information and make effective proof of authenticity. Moreover, vehicles must also define their access control policies. SNS maintains a database and processes vehicles’ personal information. SNS registers all vehicles with the LS, using pseudo-identities and initial location information.

  2. When arriving at a new place or after a specified time period, vehicles need to update their information. In this regard, SNS maintains the new relationships and threshold distances of vehicles, whereas LSs maintain the new location information.

  3. When a vehicle intends to obtain the location of a friend, they submit a query for that particular vehicle. If the requester meets the access control policies of their friends, they can obtain the location information.

  4. When a vehicle intends to obtain nearby friends current location information, they submit a query for friends within certain distance. If the vehicle meets the access control policies of these required friends, they can get the desired information.

  5. In case of a vehicle requiring nearby stranger’s current location, they submit a query for strangers within specific distance. If the vehicle meets the access control policy of strangers (within distance), they can get the locations of these strangers.

2.3 Threat Model

Out of the listed entities (i.e. vehicles, SNS, & LSs), vehicles are considered to be dishonest. This means that they may try to access the server they do not have the permission to access, and find the location of a target vehicle. Moreover, we assume that SNS and LSs are honest but curious, i.e., they will follow the scheme formally, but try to obtain as much sensitive information as possible. For example, SNS may want to find the location of vehicles, and LSs may want to obtain sensitive information of vehicles. We suppose that SNS and LSs may be compromised by an adversary, but not at the same time. This means that SNS and LSs will not collude with each other. The assumption is reasonable since it is extremely difficult for an adversary to control the two servers at the same time.

2.4 Security Goals

Using the defined threat model as guiding principle, the security goals for location-sharing system are defined as below:

  1. The system should protect vehicles’ location information from SNS and other unauthorized vehicles. Vehicles’ locations cannot be leaked to friends or strangers who do not satisfy the predefined access policy.

  2. SNS provides social relationships related service and should not be able to determine (directly or indirectly) the vehicle locations.

  3. Location servers provide location-based services and should not know vehicles’ social network information and/or identity information.

3 Building Blocks

The main challenge to solve is to implement location-based services while preserving vehicles’ privacy. In the proposed Privacy Preserving Location Sharing (PPLS) scheme, the vehicle sets threshold distances for different friends & strangers, and the threshold values may vary with different targets. It is important to note that, these values may indicate personal emotion tendency towards different targets, and location service providers can collect this data to infer such personal information. Therefore, the threshold distance should be kept private in addition to actual location. To solve this problem, we propose a secure distance comparison protocol based on Paillier encryption. The scheme also makes use of RSA encryption, which is elaborated in a nutshell for comparative understanding.

3.1 RSA Encryption

RSA encryption is a widely used public-key cryptosystem for secure data transmission, where a public and private key pair is used for encryption and decryption. The process is summarized as:

Choose two large prime numbers and , compute . Select random integer such that and , where , and is the greatest common divisor. Compute . The public key is and the private key is .

Encryption

Assume that is a message to encrypt. First, turn

(un-padded plain text) into an integer

(padded plain text) by padding scheme. The ciphertext is .

Decryption

Let be the ciphertext to decrypt, can be recovered by computing . The plain text message can be recovered by reversing the padding scheme.

3.2 Paillier encryption

Paillier public-key cryptosystem is a classical homomorphic semantically secure public-key cryptosystem, and is used in proposed secure distance comparison protocol. This section outlines the basic technique of Paillier public-key cryptosystem.

Choose two large prime numbers and , and compute . Select random integer , , ensure , where , , and is the lowest common multiple. The public key is and the private key is .

Encryption

Assume that is a message to be encrypted where . Select random , then the ciphertext is .

Decryption

Let be the ciphertext to decrypt, where , the plain text message is .

Paillier public-key cryptosystem has the following properties.

Homomorphic addition of plain texts

We can give the value of through and without knowing and .

Homomorphic multiplication of plain texts

We can give the value of through and without knowing .

3.3 Secure Distance Comparison Protocol

In our system, LSs need to compare the distance between two vehicles with the corresponding threshold distance to effectively provide services. To preserve vehicles’ privacy, we propose a secure distance comparison protocol (as shown in Protocol 1) based on lipmaa2003verifiable and golle2006private . Let be threshold distance, be a generator of a cyclic group , and be the actual distance. We set and as integers. is a key generation algorithm. is the Paillier encryption algorithm, and is the Paillier decryption algorithm. is the space of random coins. is a probabilistic polynomial time algorithm with , and is the security parameter.

1:Threshold distance ; Actual distance
2: as TRUE or FALSE
3:SNS generates the key pair and a random vale . Let . SNS sends to LS;
4:LS generates random , , computes
for , LS computes and send to SNS;
5:SNS outputs as TRUE, iff is found. Otherwise output FALSE.
Protocol 1 Security distance comparison protocol

4 Privacy-preserving Location-sharing (PPLS) Scheme

In order to preserve the vehicles’ location and social network privacy, the scheme utilizes encryption keys generated by different system entities. The details of each step are given below, and Table 1 lists the notations used in them.

Symbol Description
A vehicle’s social network identifier
A vehicle’s pseudo-identifier
SNS Social network server
LSs Location servers
Threshold distance for a friend
Threshold distance for strangers
A vehicle’s public-private key pair
SNS’s public-private key pair
LS’s public-private key pair
The time length for LS to save a record
Time stamp
Vehicles’ location update cycle
Location of a vehicle
Distance between and
Paillier encryption algorithm
Paillier decryption algorithm
Table 1: Summary of notations
Initialization:

Each vehicle has their identifier and a public-private key pair which can later be updated. Assume SNS and LSs serve a designated area, and vehicles’ group is represented as . LS has a public-private key pair and all vehicles know LS’s .

Registration:

When a vehicle with an identifier intends to use the system’s services, they need to register with the SNS first. Registration is in the form of , where and are ’s location & public key (respectively) encrypted by LS’s public key, is ’s friend list, is ’s threshold distance for friend within which they are willing to share location with , is the threshold distance for strangers with which is willing to reveal its location to strangers, is a time stamp, and is a signature generated on . SNS holds a database to save vehicles’ threshold distances.

SNS confirms the request. If the signature is valid, SNS generates a registration request to LS. The request is in the form of , in which is ’s pseudo-identity generated by and is a random value. is the time limit for which the record will be held. LSs can timely remove the expired data and reduce storage overhead. The value of should be set slightly larger than the update cycle.

Update:

For each time period , vehicles need to update their information. Similar to the registration content, each vehicle sends a message to SNS in the form of , where , and represent vehicle’s new location encrypted by LS’s public key, new friendship, and new threshold distances. Without updating , the adversary can associate the vehicle’s s by tracing . If the signature is valid, SNS sends to LSs. LSs save related information in their database.

Request for particular friends:

If a vehicle with an identifier wants to obtain the location(s) of their friend(s) , submits a query for friends’ locations in the form of ,, to SNS, where represents the request type. To handle this request, SNS first recovers the pseudo-identity corresponding to . Then, SNS randomly divides into subsets with different sizes, satisfying , to prevent the adversary from knowing ’s friend relationships. For , SNS computes
, and sends ,, to , where is the th location server in LSs. After receiving the request, performs the following steps:

  1. Decrypt to get ’s current location .

  2. Calculate the distances between and its friends, and save as
    .

  3. Choose parameters and . For , calculate

    Let and send corresponding to SNS.

If and only if there exists which makes , then and satisfies ’s access control policy, otherwise does not satisfy the policy. SNS finds all ’s friends for whom satisfies their access control policies. Then sends those friends’ encrypted locations to SNS. After collecting all results returned by LSs, SNS sends the ciphertexts. decrypts the ciphertexts and gets their requested friend’s location.

Request for friends within specific distance:

If a vehicle with identifier wants to find friends’ locations within a certain distance, then a query for friends’ locations is submitted in the form of ,, to SNS, where indicates the type of request. Similar to request for particular friends’ locations, after grouping friends randomly, SNS sends ,, to . When receiving the request, performs the following steps:

  1. Decrypt to get ’s current location .

  2. Calculate the distances between and all of their friends, and save as .

  3. Choose parameters and . For , calculate

    Let and send corresponding to SNS.

If and only if there exists which makes , then and satisfies ’s access control policy. Furthermore, if , ’s location will be returned. SNS finds all these friends and gets their encrypted locations from . After collecting the results returned by all LSs, SNS sends the final response to , which decrypts the ciphertext with their own private key and gets the friends’ locations.

Request for strangers within specific distance:

If a vehicle wants to find location of stranger(s) who are within distance from them, then submits a strangers’ locations query ,, to SNS. Here is the request type. Since there are too many unfamiliar vehicles around , SNS sends LSs a query ,, first. LSs find all vehicles within distance away from and feed back the result. Then, SNS eliminates ’s friends randomly, and sends to . Assuming a stranger is within distance away from . ’s location is and ’s threshold distance for strangers is . If and only if , returns ’s encrypted location to SNS. SNS then sends the final result to .

5 Security Analysis

The security analysis is provided based on the threat model and security goals. In PPLS, we assume that SNS and LSs. Hence, they do not collude with each other, and are not compromised by the adversary at the same time.

Access control

PPLS allows vehicles to set different threshold distances for different targets. Since SNS and LSs are assumed to be honest but curious, they will follow the protocol formally. That means, only the vehicles who satisfy the access policy can receive the location information and identity information of friends/strangers.

Identity privacy

In PPLS, LSs should not have any knowledge of vehicles’ identity-related information. Pseudo-identity is used when vehicles send update messages or queries. Thus, anonymity is achieved. Though threshold distances may leak identity information (indirectly) of vehicles to the adversary, homomorphic encryption is used to encrypt the sensitive data. Thus, vehicles’ identity privacy is well preserved.

Location privacy

SNS may collude with dishonest vehicles and attempt to obtain the location information of a particular vehicle illegally. When receiving the registration/update messages from vehicles or receiving the responses from LSs, SNS has the chances to access vehicles’ locations. PPLS encrypts vehicles’ locations using asymmetric encryption, which protects location information from SNS.

Social network privacy

The privacy of the social network is preserved by two approaches, which are described as follows.

  1. When a vehicle requests for particular friends or friends/strangers within specific distances, SNS will divide the friends/strangers into random subsets and send these sets to different LSs. These subsets have different sizes and will be sent to LSs randomly. Furthermore, dummy vehicles can be added into the original set. As a result, each LS can only get part of the friend list with dummy vehicles. Since we assume that LS will not collude with each other, LSs are prevented from knowing vehicles’ social networks.

  2. For each time period , vehicles need to update their information. During this phase, SNS assigns each vehicle a new pseudo-identifier, which is different from the original one. As a result, after the time period , for different queries from the same vehicle, the vehicle’s pseudo-identifier and its friends’ pseudo-identifiers become different. Therefore, it is impossible for LSs to determine the information of vehicles’ social networks.

6 Experimental Evaluation

The proposed PPLS scheme uses a number of encryption and decryption steps. To evaluate the real time performance, we have conducted a number of experiments.

6.1 Implementation

In our system, three cryptography schemes are implemented: digital signature, asymmetric encryption, and homomorphic encryption. We use RSA DBLP:conf/eurocrypt/BellareR96 with 1024-bit key size for data encryption, RSA PKCS1-v1-5 for signature, and Paillier with 1024-bit key size for homomorphic encryption. Our simulation is implemented on an Intel Xeon E3-1230v3 running at 3.4 GHz with 8 GB 2133 GHz memory. We use Python 3.5.0 to implement the proposed algorithms. Some PyPI packages are used in our cryptography schemes: for signature, asymmetric encryption and for Paillier encryption.

In our experiments, vehicles can use many effective techniques to obtain locations, such as GPS. We assume that the threshold distance can set as meters with steps of 10 meters or meters with steps of 100 meters. For friends, vehicles may consider choosing a smaller value as the threshold distance. For strangers, vehicles may choose a larger value as the threshold distance.

6.2 Evaluation

As the RSA signing technology used in the registration and update phases can be replaced by any other signing algorithms, we do not analyze the registration and updating phase.

The response time of the system to request for particular friends is related to the number of friends the vehicle requests. The response time to request for friends or strangers within specific distance is related to the size of the request area and the vehicle density within the scope. In essence, this parameter is also based on number of vehicles requested. Therefore, we observe the time spent for entire request process and the time spent for secure distance comparison protocol against different number of requested vehicles. We conduct each experiment 10 times and calculate the average values. The results are shown in Figure 2 and Figure 3, respectively.

Figure 2: Entire request process
Figure 3: Secure distance comparison protocol process

It can be observed from the results that the time spent on the request process increases approximately linearly with the number of vehicles requested, about 0.75 seconds per 10 individuals. The secure distance comparison protocol execution time also increases approximately linearly with the number of vehicles requested, about every 10 individuals with 0.7 seconds. The time spent in implementing the secure distance comparison protocol takes up a large percentage of the system’s time (in order to generate a response). The protocol time-consumption is mainly focused on determining the size relationship between the actual distance and the threshold distance, the traversal encryption of the actual distance in LS and the response decryption in SNS.

7 Related Works

In recent years, mobile computing has changed the future of communications and sevices Zhang2005 ; Xiao2007 , and accordingly promotes the rapid development of vehicular networks, VSNs have experienced an explosive development. Since a vehicle’s location is important information used in VSNs, the issue of protecting vehicles’ location privacy has received considerable attention. Until now, many studies on location privacy protection ju2015location ; rao2015novel have been done, such as location anonymity, information hiding DBLP:journals/ijcomsys/Das17 and so on. Location anonymity is an effective technique for location privacy protection and there are two types of methods to achieve it: 1) -anonymity: The fundamental premise is to mix the real user’s location information into other anonymous users’ location information, which confuses the adversary. This approach is proposed in DBLP:journals/ijufks/Sweene02 by Sweeney in 2002, and then Gruteser et al. used it for location privacy protection in DBLP:conf/mobisys/GruteserG03 . Kido et al. extended -anonymity, and introduced the concept of virtual location DBLP:conf/icde/KidoYS05 . 2) Location encryption: The main idea of Location encryption is to encrypt the users’ location information with some encryption algorithms, such as the algorithm proposed by Khoshgozaran et al. DBLP:conf/ssd/KhoshgozaranS07 using Hilbert curves to encrypt the original location.

By combing the aforementioned methods, a series of research works have been proposed. In 2007, SmokeScreen DBLP:conf/mobisys/CoxDM07 proposed a scheme to protect users’ location privacy and provide location-sharing services for users. Subsequently, Wei et al. proposed MobiShare Wei2012MobiShare , which supports users sharing location information flexibly. In MobiShare, social network server and location server store users’ profiles and location information separately. Hence, neither of the two severs know the complete information of the users. However, this scheme cannot protect users’ social network topologies. Later, based on MobiShare, several mechanisms were proposed, such as N-MobiShare shen2016efficient ; DBLP:conf/3pgcic/LiuLCLJ13 , MobiShare+ li2014mobishare , and B-MobiShare shen2016efficient . In N-MobiShare, cellular tower was not treated as a core component of the system. Social network server took cellular tower’s task and forwarded users’ requests to location server. N-MobiShare used broadcast encryption to share off-line keys to users’ friends. Although N-Mobishare has a simpler structure than MobiShare, it did not solve the problem which MobiShare suffered. That is, the location server can still get users’ social network topologies in the query phase. Inspired by Wei et al.’s solution, Li et al. found that in MobiShare the pseudo-identity of the querying user can be known by LSs in the friend’s query. Hence, they proposed an improved mechanism named MobiShare+ li2014mobishare . Besides dummy locations and identities, this mechanism employed dummy queries. It applied a private set intersection protocol to prevent individual information leaked between the social network sever and the location server. MobiShare+ overcomes the weakpoints of MobiShare and N-MobiShare. However, it incurred excessively long processing time. To solve this problem and improve the transmission efficiency, Shen et al. proposed B-MobiShare shen2016efficient . Bloom Filter was used in this scheme to replace the private set intersection protocol in MobiShare+ and the time cost was reduced. However, B-MobiShare was less efficient than expected, the time cost was still high. In 2017, Li et al. proposed a system with enhanced privacy DBLP:journals/sj/LiYLCHW17 , using multiple location servers to prevent insider attack launched by the service providers.

However, all the above mechanisms do not treat the threshold distance as sensitive data, and work with a single threshold distance for users to set for all of their friends, which is unrealistic in real social networks.

8 Conclusion

Privacy preservation of location sharing in VSNs is an important issue. In this article we propose PPLS, which protects vehicles’ location privacy from SNS and preserves vehicles’ social network privacy from LSs. The scheme allows vehicles to set different threshold distances for different friends, and to enjoy a more flexible access control policy. In order to implement this access control policy, a secure distance comparing protocol is presented. To permit vehicles sharing locations with friends, new queries are designed for particular friends. The security analysis shows that PPLS is secure under a comprehensive security model. Moreover, the experimental evaluation demonstrates the efficiency of PPLS.

References

References