PPLS: A Privacy-Preserving Location-Sharing Scheme in Vehicular Social Networks

1 Introduction

With the fast development & deployment of mobile computing, vehicular ad hoc networks have become important data transmission platforms and greatly promote the realization of Intelligent Transport System (ITS). Recently, the application goal of vehicular ad hoc networks JamilJUR17 transforms from simply improving the safety of road traffic and the efficiency of transportation to vehicular social networks (VSNs), which deeply integrates the Internet of Vehicles (IoVs) HaouariMSBG17 and social networks. Through VSNs, vehicles can experience more comprehensive services.

VSNs can provide various services SedjelmaciSA14 ; zhang2017inbar , including location-based services (LBSs). In LBSs, geographical locations of vehicles are exploited to provide information and entertainment services, since the location of a vehicle usually represents its contextual information DBLP:journals/wicomm/HoangLNW13 . As millions of applications based on LBSs are available, vehicles can easily obtain information such as restaurants, hotels, etc. In fact, as a fundamental component of VSNs, LBSs have become increasingly popular and important.

While enjoying the convenience of location-based services, the privacy threats should not be ignored DuC08 . Especially after some research work huang2014achieving ; wu2014mobifish ; wu2014security revealing horrifying security and privacy issues which have caused serious public concerns. In LBSs, users are expected to update their real-time location information and share it for better services. However, disclosing the location information is dangerous, since an adversary can track an individual and infer his/her preferences. This threat becomes more serious in VSNs as vehicles’ location can be correlated with their profiles DBLP:conf/interact/BarkhuusD03 . Hence, it is essential to protect vehicles’ location privacy ChenZDFLY12 ; ZhangXYD16 ; ZhangXZSD15 in VSNs.

To address these problems, a series of research works have been performed. A MobiShare system was presented by Wei et al. Wei2012MobiShare , allowing users to share location information flexibly. Inspired by Wei2012MobiShare , Shen et al. shen2016efficient ; DBLP:conf/3pgcic/LiuLCLJ13 proposed a system called N-Mobishare. Li et al. li2014mobishare proposed MobiShare+ which reduces the security risk of MobiShare. In 2016, Liu et al. liu2016n provided a system called BMobishare. Recently, Li et al. DBLP:journals/sj/LiYLCHW17 proposed a more secure location-sharing scheme. The aforementioned systems support two kinds of queries, i.e., friends’ queries and strangers’ queries, and also satisfy access control policy. Aside from all listed above, du2009transactions ; xiao2007survey ; du2007effective also provide efficient way for key management which bring support for cryptographic solutions.

However, these mechanisms are not perfect. Firstly, the threshold distance is a personal preference of each vehicle (to establish a social circle), but this is used as public information for location service entities in the system. When the threshold distance set by a vehicle is a special number, or the threshold distances set for different targets are in a special data group, the adversary can track the data or data group to identify vehicles. Secondly, threshold distance is used by a vehicle to determine with whom they are willing to share locations. Some schemes use broadcast encryption to share personal location information, which violates the distance-based access control policy. Finally, it is far from actual application requirements that all systems mentioned above use a single threshold distance for all friends. Vehicles may wish to set different threshold distances for different friends.

Our contributions: Motivated by these issues, we propose a privacy-preserving location-sharing scheme in VSNs, namely PPLS. The contributions are described as follows.

In previous research, a vehicle can only set a single threshold distance for all friends. However, this setting does not meet the actual needs. To improve the practicability of the system, our scheme allows vehicles to set different threshold distances for different friends. In our scheme, vehicles can use a more flexible strategy to achieve access control.
Since existing works do not consider the privacy of the threshold distance, an adversary can easily collect threshold distances to get more personal information of vehicles. To overcome this defect, we propose a new secure distance comparison protocol to execute encrypted distance comparison and prevent location servers from determining this sensitive data.
Based on the proposed secure distance comparison protocol, we propose the PPLS scheme. In PPLS, vehicles are allowed to set different threshold distances for different friends, and broadcast encryption is not used, while diverse queries are used for information retrieval.

This paper is organized in the following sections. In Section 2, we provide the system models and design goals. In Section 3, we present the building blocks including the proposed secure distance comparison protocol. Section 4 introduces the PPLS scheme and Section 5 gives its security analysis. In Section 6, performance analysis is provided. Finally, we draw a conclusion in Section 7.

2 System Models and Design Goals

This section presents the formal system architecture, system work flows, and the threat model for location privacy. We also identify and list the security goals for the proposed scheme.

2.1 System Architecture

The system architecture is depicted in Figure 1 where four main entities interact with each other.

Vehicles

The vehicles of VSNs, can communicate with roadside units (RSUs) directly. They can get their own locations from GPS and request for locations of specific friends, nearby friends and strangers.

RSUs

After RSUs receive requests from vehicles, they forward them towards the social network server, then return the received responses to vehicles.

Social network server (SNS)

SNS is responsible for managing vehicles’ social relationships, such as profiles and friend lists. SNS can communicate with RSUs and location servers directly.

Location servers (LSs)

These servers primarily manage vehicles’ location information. They calculate location distances and related tasks of finding vehicles within a certain area, which are assigned by SNS. LSs communicate with SNS directly, but different LSs are not allowed to cooperate with each other for information exchange.

Constraints: In our system, SNS should not be aware of the vehicle locations. Moreover, LSs are not aware about vehicles’ identity-related information. Vehicles may submit three types of queries: 1) request for particular friends’ locations, 2) request for nearby friends’ locations, and 3) request for nearby strangers’ locations.

2.2 System Workflows

In light of the proposed architecture, five main workflows are defined.

Vehicles must initially register with SNS for location based service. The registration process requires submitting personal identification information and make effective proof of authenticity. Moreover, vehicles must also define their access control policies. SNS maintains a database and processes vehicles’ personal information. SNS registers all vehicles with the LS, using pseudo-identities and initial location information.
When arriving at a new place or after a specified time period, vehicles need to update their information. In this regard, SNS maintains the new relationships and threshold distances of vehicles, whereas LSs maintain the new location information.
When a vehicle intends to obtain the location of a friend, they submit a query for that particular vehicle. If the requester meets the access control policies of their friends, they can obtain the location information.
When a vehicle intends to obtain nearby friends current location information, they submit a query for friends within certain distance. If the vehicle meets the access control policies of these required friends, they can get the desired information.
In case of a vehicle requiring nearby stranger’s current location, they submit a query for strangers within specific distance. If the vehicle meets the access control policy of strangers (within distance), they can get the locations of these strangers.

2.3 Threat Model

Out of the listed entities (i.e. vehicles, SNS, & LSs), vehicles are considered to be dishonest. This means that they may try to access the server they do not have the permission to access, and find the location of a target vehicle. Moreover, we assume that SNS and LSs are honest but curious, i.e., they will follow the scheme formally, but try to obtain as much sensitive information as possible. For example, SNS may want to find the location of vehicles, and LSs may want to obtain sensitive information of vehicles. We suppose that SNS and LSs may be compromised by an adversary, but not at the same time. This means that SNS and LSs will not collude with each other. The assumption is reasonable since it is extremely difficult for an adversary to control the two servers at the same time.

2.4 Security Goals

Using the defined threat model as guiding principle, the security goals for location-sharing system are defined as below:

The system should protect vehicles’ location information from SNS and other unauthorized vehicles. Vehicles’ locations cannot be leaked to friends or strangers who do not satisfy the predefined access policy.
SNS provides social relationships related service and should not be able to determine (directly or indirectly) the vehicle locations.
Location servers provide location-based services and should not know vehicles’ social network information and/or identity information.

3 Building Blocks

The main challenge to solve is to implement location-based services while preserving vehicles’ privacy. In the proposed Privacy Preserving Location Sharing (PPLS) scheme, the vehicle sets threshold distances for different friends & strangers, and the threshold values may vary with different targets. It is important to note that, these values may indicate personal emotion tendency towards different targets, and location service providers can collect this data to infer such personal information. Therefore, the threshold distance should be kept private in addition to actual location. To solve this problem, we propose a secure distance comparison protocol based on Paillier encryption. The scheme also makes use of RSA encryption, which is elaborated in a nutshell for comparative understanding.

3.1 RSA Encryption

RSA encryption is a widely used public-key cryptosystem for secure data transmission, where a public and private key pair is used for encryption and decryption. The process is summarized as:

Choose two large prime numbers $p$ and $q$ , compute $n = p q$ . Select random integer $e$ such that $1 < e < λ (n)$ and $g c d (e, λ (n)) = 1$ , where $λ (n) = (p - 1) (q - 1)$ , and $g c d$ is the greatest common divisor. Compute $d = e^{- 1} (mod (λ (n)))$ . The public key is $(n, e)$ and the private key is $(p, q, d)$ .

Encryption

Assume that $M$ is a message to encrypt. First, turn $M$

(un-padded plain text) into an integer

m

(padded plain text) by padding scheme. The ciphertext is

c = m^{e} (mod n)

Decryption

Let $c$ be the ciphertext to decrypt, $m$ can be recovered by computing $c^{d} = (m^{e})^{d} = m (m o d n)$ . The plain text message $M$ can be recovered by reversing the padding scheme.

3.2 Paillier encryption

Paillier public-key cryptosystem is a classical homomorphic semantically secure public-key cryptosystem, and is used in proposed secure distance comparison protocol. This section outlines the basic technique of Paillier public-key cryptosystem.

Choose two large prime numbers $p$ and $q$ , and compute $n = p q$ . Select random integer $g$ , $g \in Z_{n^{2}}^{*}$ , ensure $g c d (L (g^{λ} mod n^{2}), n) = 1$ , where $L (x) = \frac{x - 1}{n}$ , $λ = l c m (p - 1, q - 1)$ , and $l c m$ is the lowest common multiple. The public key is $(n, g)$ and the private key is $(p, q)$ .

Encryption

Assume that $m$ is a message to be encrypted where $0 \leq m \leq n$ . Select random $r < n$ , then the ciphertext is $c = g^{m} \cdot r^{n} mod n^{2}$ .

Decryption

Let $c$ be the ciphertext to decrypt, where $c \in Z_{n^{2}}^{*}$ , the plain text message is $m = \frac{L (c^{λ} mod n^{2})}{L (g^{λ} mod n^{2})} mod n$ .

Paillier public-key cryptosystem has the following properties.

Homomorphic addition of plain texts

We can give the value of $E (m_{1} + m_{2})$ through $E (m_{1})$ and $E (m_{2})$ without knowing $m_{1}$ and $m_{2}$ .

$D (E (m_{1}, r_{1}) \cdot E (m_{2}, r_{2}) mod n^{2}) = m_{1} + m_{2} mod n$

Homomorphic multiplication of plain texts

We can give the value of $E (m_{1} m_{2})$ through $E (m_{1})$ and $m_{2}$ without knowing $m_{1}$ .

$D (E (m_{1}, r_{1})^{m_{2}} mod n^{2}) = m_{1} m_{2} mod n$

3.3 Secure Distance Comparison Protocol

In our system, LSs need to compare the distance between two vehicles with the corresponding threshold distance to effectively provide services. To preserve vehicles’ privacy, we propose a secure distance comparison protocol (as shown in Protocol 1) based on lipmaa2003verifiable and golle2006private . Let $d_{t h r e s h o l d}$ be threshold distance, $g$ be a generator of a cyclic group $M$ , and $d_{a c t u a l}$ be the actual distance. We set $d_{t h r e s h o l d}$ and $d_{a c t u a l}$ as integers. $G$ is a key generation algorithm. $P E$ is the Paillier encryption algorithm, and $P D$ is the Paillier decryption algorithm. $R$ is the space of random coins. $S$ is a probabilistic polynomial time algorithm with $S (1^{k}, P K) \subset Z$ , and $k$ is the security parameter.

1:Threshold distance

d_{t h r e s h o l d}

; Actual distance

d_{a c t u a l}

d_{t h r e s h o l d} > d_{a c t u a l}

as TRUE or FALSE

3:SNS generates the key pair

(s k_{m}, p k_{m}) \leftarrow G (1^{k})

and a random vale

r \leftarrow R

. Let

c \leftarrow P E_{p k_{m}} (d_{t h r e s h o l d} g; r)

. SNS sends

(p k_{m}, c)

to LS;

4:LS generates random

s \leftarrow S

r^{'} \leftarrow R

, computes

\begin{matrix} c^{'} \leftarrow & (c \cdot P E_{p k_{m}} (- (d_{a c t u a l} + i) g; 0))^{s} \cdot P E_{p k_{m}} (0; r^{'}) = & (P E_{p k_{m}} (d_{t h r e s h o l d} g; r) \cdot P E_{p k_{m}} (- (d_{a c t u a l} + i) g; 0))^{s} \cdot P E_{p k_{m}} (0; r^{'}) = & P E_{p k_{m}} (s (d_{t h r e s h o l d} - (d_{a c t u a l} + i)) g; r^{s} \circ r^{'}) \end{matrix}

for

i = 1, 2, \dots, n - 1

, LS computes

c^{'}

and send

c^{'}

to SNS;

5:SNS outputs

d_{t h r e s h o l d} > d_{a c t u a l}

as TRUE, iff

P D_{p k_{m}} (c^{'}) = 0

is found. Otherwise output FALSE.

Protocol 1 Security distance comparison protocol

4 Privacy-preserving Location-sharing (PPLS) Scheme

In order to preserve the vehicles’ location and social network privacy, the scheme utilizes encryption keys generated by different system entities. The details of each step are given below, and Table 1 lists the notations used in them.

Symbol	Description
$I D$	A vehicle’s social network identifier
$P I D$	A vehicle’s pseudo-identifier
SNS	Social network server
LSs	Location servers
$d f$	Threshold distance for a friend
$d s$	Threshold distance for strangers
$(p k_{u}, s k_{u})$	A vehicle’s public-private key pair
$(p k_{m}, s k_{m})$	SNS’s public-private key pair
$(p k_{s}, s k_{s})$	LS’s public-private key pair
$t l$	The time length for LS to save a record
$t s$	Time stamp
$t$	Vehicles’ location update cycle
$(x, y)$	Location of a vehicle
$d i s (u_{i}, u_{j})$	Distance between $u_{i}$ and $u_{j}$
$P E$	Paillier encryption algorithm
$P D$	Paillier decryption algorithm

Table 1: Summary of notations

Initialization:

Each vehicle has their identifier $I D$ and a public-private key pair $(p k_{u}, s k_{u})$ which can later be updated. Assume SNS and LSs serve a designated area, and vehicles’ group is represented as $U = {u_{1}, u_{2}, \dots, u_{z}}$ . LS has a public-private key pair $(p k_{s}, s k_{s})$ and all vehicles know LS’s $p k_{s}$ .

Registration:

When a vehicle $u_{i}$ with an identifier $I D$ intends to use the system’s services, they need to register with the SNS first. Registration is in the form of $(I D, C_{p k_{s}} (x_{i}, y_{i}), C_{p k_{s}} (p k_{u}), F l i s t, (d f_{i, 1}, d f_{i, 2}, . . ., d s), t s, S i g (I D, t s))$ , where $C_{p k_{s}} (x_{i}, y_{i})$ and $C_{p k_{s}} (p k_{u})$ are $u_{i}$ ’s location & public key (respectively) encrypted by LS’s public key, $F l i s t$ is $u_{i}$ ’s friend list, $d f_{i, 1}$ is $u_{i}$ ’s threshold distance for friend $u_{1}$ within which they are willing to share location with $u_{1}$ , $d s$ is the threshold distance for strangers with which $u_{i}$ is willing to reveal its location to strangers, $t s$ is a time stamp, and $S i g (I D, t s)$ is a signature generated on $t s$ . SNS holds a database to save vehicles’ threshold distances.

SNS confirms the request. If the signature is valid, SNS generates a registration request to LS. The request is in the form of $(P I D, C_{p k_{s}} (x, y), C_{p k_{s}} (p k_{u}), t l)$ , in which $P I D$ is $u_{i}$ ’s pseudo-identity generated by $A E S (I D, r t)$ and $r t$ is a random value. $t l$ is the time limit for which the record will be held. LSs can timely remove the expired data and reduce storage overhead. The value of $t l$ should be set slightly larger than the update cycle.

Update:

For each time period $t$ , vehicles need to update their information. Similar to the registration content, each vehicle sends a message to SNS in the form of $(I D, C_{p k_{s}} (x, y), C_{p k_{s}} (p k_{u}), F l i s t, (d f_{i, 1}, d f_{i, 2}, . . ., d s), t s, S i g (I D, t s))$ , where $C_{p k_{s}} (x, y)$ , $F l i s t$ and $(d f_{i, 1}, d f_{i, 2}, . . ., d s)$ represent vehicle’s new location encrypted by LS’s public key, new friendship, and new threshold distances. Without updating $p k_{u}$ , the adversary can associate the vehicle’s $P I D$ s by tracing $p k_{u}$ . If the signature is valid, SNS sends $(P I D, C_{p k_{s}} (x, y), C_{p k_{s}} (p k_{u}), t l)$ to LSs. LSs save related information in their database.

Request for particular friends:

If a vehicle $u_{i}$ with an identifier $I D$ wants to obtain the location(s) of their friend(s) $(f_{1}, f_{2}, \dots, f_{M})$ , $u_{i}$ submits a query for friends’ locations in the form of $(I D, C_{p k_{s}} (x_{i}, y_{i})$ , $p f$ , $(f_{1}, f_{2}, \dots, f_{M}))$ to SNS, where $p f$ represents the request type. To handle this request, SNS first recovers the pseudo-identity $P_{I D} = (P I D_{1}, P I D_{2}, \dots, P I D_{M})$ corresponding to $(f_{1}, f_{2}, \dots, f_{M})$ . Then, SNS randomly divides $P_{I D}$ into $Q$ subsets $P_{I D}^{1}, P_{I D}^{2}, \dots, P_{I D}^{Q}$ with different sizes, satisfying $P_{I D} = P_{I D}^{1} \cup P_{I D}^{2} \cup \dots \cup P_{I D}^{Q}$ , to prevent the adversary from knowing $u_{i}$ ’s friend relationships. For $P_{I D}^{j} = (P I D_{1}, P I D_{2}, \dots, P I D_{N})$ , SNS computes $(c_{1, i}, c_{2, i}, \dots, c_{N, i}) = (P E_{p k_{m}} (d f_{1, i} g; r_{1}), P E_{p k_{m}} (d f_{2, i} g; r_{2}), \dots,$
$P E_{p k_{m}} (d f_{N, i} g, r_{N}))$ , and sends $(P I D, C_{p k_{s}} (x_{i}, y_{i})$ , $p f$ , $P_{I D}^{j}, (c_{1, i}, c_{2, i}, \dots, c_{N, i}), p k_{m})$ to $L S_{j}$ , where $L S_{j}$ is the $j$ th location server in LSs. After receiving the request, $L S_{j}$ performs the following steps:

Decrypt $C_{p k_{s}} (x_{i}, y_{i})$ to get $u_{i}$ ’s current location $(x_{i}, y_{i})$ .
Calculate the distances between $u_{i}$ and its friends, and save as $(d_{1}, d_{2}, \dots, d_{N})$
$= (d i s (u_{i}, P I D_{1}), d i s (u_{i}, P I D_{2}), \dots, d i s (u_{i}, P I D_{N}))$ .
Choose parameters $s$ and $r^{'}$ . For $c_{1, i}$ , calculate

Let $p = 1, 2, \dots, n - 1$ and send corresponding $c_{1, i}^{'}$ to SNS.

If and only if there exists $p$ which makes $P D_{s k_{m}} (c_{1, i}^{'}) = 0$ , then $d_{1} < d f_{1, i}$ and $u_{i}$ satisfies $P I D_{1}$ ’s access control policy, otherwise $u_{i}$ does not satisfy the policy. SNS finds all $u_{i}$ ’s friends for whom $u_{i}$ satisfies their access control policies. Then $L S_{j}$ sends those friends’ encrypted locations to SNS. After collecting all results returned by LSs, SNS sends $u_{i}$ the ciphertexts. $u_{i}$ decrypts the ciphertexts and gets their requested friend’s location.

Request for friends within specific distance:

If a vehicle $u_{i}$ with identifier $I D$ wants to find friends’ locations within a certain distance, then a query for friends’ locations is submitted in the form of $(I D, C_{p k_{s}} (x_{i}, y_{i})$ , $f$ , $l)$ to SNS, where $f$ indicates the type of request. Similar to request for particular friends’ locations, after grouping friends randomly, SNS sends $(P I D, C_{p k_{s}} (x_{i}, y_{i})$ , $f$ , $P_{I D}^{j}, (c_{1, i}, c_{2, i}, \dots, c_{N, i}), p k_{m}, l)$ to $L S_{j}$ . When receiving the request, $L S_{j}$ performs the following steps:

Decrypt $C_{p k_{s}} (x_{i}, y_{i})$ to get $u_{i}$ ’s current location $(x_{i}, y_{i})$ .
Calculate the distances between $u_{i}$ and all of their friends, and save as $(d_{1}, d_{2}, \dots, d_{N}) = (d i s (u_{i}, P I D_{1}), d i s (u_{i}, P I D_{2}), \dots, d i s (u_{i}, P I D_{N}))$ .
Choose parameters $s$ and $r^{'}$ . For $c_{1, i}$ , calculate

Let $p = 1, 2, \dots, n - 1$ and send corresponding $c_{1, i}^{'}$ to SNS.

If and only if there exists $p$ which makes $P D_{s k_{m}} (c_{1, i}^{'}) = 0$ , then $d_{1} < d f_{1, i}$ and $u_{i}$ satisfies $P I D_{1}$ ’s access control policy. Furthermore, if $d_{1} < l$ , $f_{1}$ ’s location will be returned. SNS finds all these friends and gets their encrypted locations from $L S_{j}$ . After collecting the results returned by all LSs, SNS sends the final response to $u_{i}$ , which decrypts the ciphertext with their own private key $s k_{u}$ and gets the friends’ locations.

Request for strangers within specific distance:

If a vehicle $u_{i}$ wants to find location of stranger(s) who are within $l$ distance from them, then $u_{i}$ submits a strangers’ locations query $(I D, C_{p k_{s}} (x_{i}, y_{i})$ , $s$ , $l)$ to SNS. Here $s$ is the request type. Since there are too many unfamiliar vehicles around $u_{i}$ , SNS sends LSs a query $(P I D$ , $a l l$ , $l)$ first. LSs find all vehicles within $l$ distance away from $u_{i}$ and feed back the result. Then, SNS eliminates $u_{i}$ ’s friends randomly, and sends $(P I D, C_{p k_{s}} (x_{i}, y_{i}), s, P_{I D}^{j}, (c_{1, i}, c_{2, i}, \dots, c_{N, i}), p k_{m})$ to $L S_{j}$ . Assuming a stranger $u_{2}$ is within $l$ distance away from $u_{i}$ . $u_{2}$ ’s location is $(x_{2}, y_{2})$ and $u_{2}$ ’s threshold distance for strangers is $d s_{2}$ . If and only if $d i s (u_{i}, u_{2}) < d s_{2}$ , $L S_{j}$ returns $u_{2}$ ’s encrypted location to SNS. SNS then sends the final result to $u_{i}$ .

5 Security Analysis

The security analysis is provided based on the threat model and security goals. In PPLS, we assume that SNS and LSs. Hence, they do not collude with each other, and are not compromised by the adversary at the same time.

Access control

PPLS allows vehicles to set different threshold distances for different targets. Since SNS and LSs are assumed to be honest but curious, they will follow the protocol formally. That means, only the vehicles who satisfy the access policy can receive the location information and identity information of friends/strangers.

Identity privacy

In PPLS, LSs should not have any knowledge of vehicles’ identity-related information. Pseudo-identity is used when vehicles send update messages or queries. Thus, anonymity is achieved. Though threshold distances may leak identity information (indirectly) of vehicles to the adversary, homomorphic encryption is used to encrypt the sensitive data. Thus, vehicles’ identity privacy is well preserved.

Location privacy

SNS may collude with dishonest vehicles and attempt to obtain the location information of a particular vehicle illegally. When receiving the registration/update messages from vehicles or receiving the responses from LSs, SNS has the chances to access vehicles’ locations. PPLS encrypts vehicles’ locations using asymmetric encryption, which protects location information from SNS.

Social network privacy

The privacy of the social network is preserved by two approaches, which are described as follows.

When a vehicle requests for particular friends or friends/strangers within specific distances, SNS will divide the friends/strangers into random subsets and send these sets to different LSs. These subsets have different sizes and will be sent to LSs randomly. Furthermore, dummy vehicles can be added into the original set. As a result, each LS can only get part of the friend list with dummy vehicles. Since we assume that LS will not collude with each other, LSs are prevented from knowing vehicles’ social networks.
For each time period $t$ , vehicles need to update their information. During this phase, SNS assigns each vehicle a new pseudo-identifier, which is different from the original one. As a result, after the time period $t$ , for different queries from the same vehicle, the vehicle’s pseudo-identifier and its friends’ pseudo-identifiers become different. Therefore, it is impossible for LSs to determine the information of vehicles’ social networks.

6 Experimental Evaluation

The proposed PPLS scheme uses a number of encryption and decryption steps. To evaluate the real time performance, we have conducted a number of experiments.

6.1 Implementation

In our system, three cryptography schemes are implemented: digital signature, asymmetric encryption, and homomorphic encryption. We use RSA DBLP:conf/eurocrypt/BellareR96 with 1024-bit key size for data encryption, RSA PKCS1-v1-5 for signature, and Paillier with 1024-bit key size for homomorphic encryption. Our simulation is implemented on an Intel Xeon E3-1230v3 running at 3.4 GHz with 8 GB 2133 GHz memory. We use Python 3.5.0 to implement the proposed algorithms. Some PyPI packages are used in our cryptography schemes: $p y c r y p t o$ for signature, asymmetric encryption and $p h e$ for Paillier encryption.

In our experiments, vehicles can use many effective techniques to obtain locations, such as GPS. We assume that the threshold distance can set as $10, 20, \dots, 100$ meters with steps of 10 meters or $100, 200, \dots, 1000$ meters with steps of 100 meters. For friends, vehicles may consider choosing a smaller value as the threshold distance. For strangers, vehicles may choose a larger value as the threshold distance.

6.2 Evaluation

As the RSA signing technology used in the registration and update phases can be replaced by any other signing algorithms, we do not analyze the registration and updating phase.

The response time of the system to request for particular friends is related to the number of friends the vehicle requests. The response time to request for friends or strangers within specific distance is related to the size of the request area and the vehicle density within the scope. In essence, this parameter is also based on number of vehicles requested. Therefore, we observe the time spent for entire request process and the time spent for secure distance comparison protocol against different number of requested vehicles. We conduct each experiment 10 times and calculate the average values. The results are shown in Figure 2 and Figure 3, respectively.

Figure 3: Secure distance comparison protocol process

It can be observed from the results that the time spent on the request process increases approximately linearly with the number of vehicles requested, about 0.75 seconds per 10 individuals. The secure distance comparison protocol execution time also increases approximately linearly with the number of vehicles requested, about every 10 individuals with 0.7 seconds. The time spent in implementing the secure distance comparison protocol takes up a large percentage of the system’s time (in order to generate a response). The protocol time-consumption is mainly focused on determining the size relationship between the actual distance and the threshold distance, the traversal encryption of the actual distance in LS and the response decryption in SNS.

7 Related Works

In recent years, mobile computing has changed the future of communications and sevices Zhang2005 ; Xiao2007 , and accordingly promotes the rapid development of vehicular networks, VSNs have experienced an explosive development. Since a vehicle’s location is important information used in VSNs, the issue of protecting vehicles’ location privacy has received considerable attention. Until now, many studies on location privacy protection ju2015location ; rao2015novel have been done, such as location anonymity, information hiding DBLP:journals/ijcomsys/Das17 and so on. Location anonymity is an effective technique for location privacy protection and there are two types of methods to achieve it: 1) $K$ -anonymity: The fundamental premise is to mix the real user’s location information into $k - 1$ other anonymous users’ location information, which confuses the adversary. This approach is proposed in DBLP:journals/ijufks/Sweene02 by Sweeney in 2002, and then Gruteser et al. used it for location privacy protection in DBLP:conf/mobisys/GruteserG03 . Kido et al. extended $K$ -anonymity, and introduced the concept of virtual location DBLP:conf/icde/KidoYS05 . 2) Location encryption: The main idea of Location encryption is to encrypt the users’ location information with some encryption algorithms, such as the algorithm proposed by Khoshgozaran et al. DBLP:conf/ssd/KhoshgozaranS07 using Hilbert curves to encrypt the original location.

By combing the aforementioned methods, a series of research works have been proposed. In 2007, SmokeScreen DBLP:conf/mobisys/CoxDM07 proposed a scheme to protect users’ location privacy and provide location-sharing services for users. Subsequently, Wei et al. proposed MobiShare Wei2012MobiShare , which supports users sharing location information flexibly. In MobiShare, social network server and location server store users’ profiles and location information separately. Hence, neither of the two severs know the complete information of the users. However, this scheme cannot protect users’ social network topologies. Later, based on MobiShare, several mechanisms were proposed, such as N-MobiShare shen2016efficient ; DBLP:conf/3pgcic/LiuLCLJ13 , MobiShare+ li2014mobishare , and B-MobiShare shen2016efficient . In N-MobiShare, cellular tower was not treated as a core component of the system. Social network server took cellular tower’s task and forwarded users’ requests to location server. N-MobiShare used broadcast encryption to share off-line keys to users’ friends. Although N-Mobishare has a simpler structure than MobiShare, it did not solve the problem which MobiShare suffered. That is, the location server can still get users’ social network topologies in the query phase. Inspired by Wei et al.’s solution, Li et al. found that in MobiShare the pseudo-identity of the querying user can be known by LSs in the friend’s query. Hence, they proposed an improved mechanism named MobiShare+ li2014mobishare . Besides dummy locations and identities, this mechanism employed dummy queries. It applied a private set intersection protocol to prevent individual information leaked between the social network sever and the location server. MobiShare+ overcomes the weakpoints of MobiShare and N-MobiShare. However, it incurred excessively long processing time. To solve this problem and improve the transmission efficiency, Shen et al. proposed B-MobiShare shen2016efficient . Bloom Filter was used in this scheme to replace the private set intersection protocol in MobiShare+ and the time cost was reduced. However, B-MobiShare was less efficient than expected, the time cost was still high. In 2017, Li et al. proposed a system with enhanced privacy DBLP:journals/sj/LiYLCHW17 , using multiple location servers to prevent insider attack launched by the service providers.

However, all the above mechanisms do not treat the threshold distance as sensitive data, and work with a single threshold distance for users to set for all of their friends, which is unrealistic in real social networks.

8 Conclusion

Privacy preservation of location sharing in VSNs is an important issue. In this article we propose PPLS, which protects vehicles’ location privacy from SNS and preserves vehicles’ social network privacy from LSs. The scheme allows vehicles to set different threshold distances for different friends, and to enjoy a more flexible access control policy. In order to implement this access control policy, a secure distance comparing protocol is presented. To permit vehicles sharing locations with friends, new queries are designed for particular friends. The security analysis shows that PPLS is secure under a comprehensive security model. Moreover, the experimental evaluation demonstrates the efficiency of PPLS.

References

(1) F. Jamil, A. Javaid, T. Umer, M. H. Rehmani, A comprehensive survey of network coding in vehicular ad-hoc networks, Wireless Networks 23 (8) (2017) 2395–2414. doi:10.1007/s11276-016-1294-z.
URL https://doi.org/10.1007/s11276-016-1294-z
(2) N. Haouari, S. Moussaoui, S. M. Senouci, A. Boualouache, M. Guerroumi, Enhanced local density estimation in internet of vehicles, IET Communications 11 (15) (2017) 2393–2401. doi:10.1049/iet-com.2017.0154.
URL https://doi.org/10.1049/iet-com.2017.0154
(3) H. Sedjelmaci, S. M. Senouci, M. A. Abu-Rgheff, An efficient and lightweight intrusion detection mechanism for service-oriented vehicular networks, IEEE Internet of Things Journal 1 (6) (2014) 570–577. doi:10.1109/JIOT.2014.2366120.
URL https://doi.org/10.1109/JIOT.2014.2366120
(4) C. Zhang, L. Zhu, C. Xu, Inbar: A new interest-based routing framework in vehicular social networks, in: Security, Pattern Analysis, and Cybernetics (SPAC), 2017 International Conference on, IEEE, 2017, pp. 479–484.
(5) D. T. Hoang, C. Lee, D. Niyato, P. Wang, A survey of mobile cloud computing: architecture, applications, and approaches, Wireless Communications and Mobile Computing 13 (18) (2013) 1587–1611. doi:10.1002/wcm.1203.
URL https://doi.org/10.1002/wcm.1203
(6) X. Du, H. Chen, Security in wireless sensor networks, IEEE Wireless Commun. 15 (4) (2008) 60–66. doi:10.1109/MWC.2008.4599222.
URL https://doi.org/10.1109/MWC.2008.4599222
(7) X. Huang, X. Du, Achieving big data privacy via hybrid cloud, in: Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on, IEEE, 2014, pp. 512–517.
(8) L. Wu, X. Du, J. Wu, Mobifish: A lightweight anti-phishing scheme for mobile phones, in: Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, IEEE, 2014, pp. 1–8.
(9) L. Wu, X. Du, X. Fu, Security threats to mobile multimedia applications: Camera-based attacks on mobile phones, IEEE Communications Magazine 52 (3) (2014) 80–87.
(10) L. Barkhuus, A. K. Dey, Location-based services for mobile telephony: a study of users’ privacy concerns, in: Human-Computer Interaction INTERACT ’03: IFIP TC13 International Conference on Human-Computer Interaction, 1st-5th September 2003, Zurich, Switzerland, 2003.
(11) J. Chen, H. Zhang, X. Du, B. Fang, Y. Liu, H. Yu, Base station location protection in wireless sensor networks: Attacks and defense, in: Proceedings of IEEE International Conference on Communications, ICC 2012, Ottawa, ON, Canada, June 10-15, 2012, 2012, pp. 554–559. doi:10.1109/ICC.2012.6364186.
URL https://doi.org/10.1109/ICC.2012.6364186
(12) H. Zhang, Z. Xu, X. Yu, X. Du, LPPS: location privacy protection for smartphones, in: 2016 IEEE International Conference on Communications, ICC 2016, Kuala Lumpur, Malaysia, May 22-27, 2016, 2016, pp. 1–6. doi:10.1109/ICC.2016.7511422.
URL https://doi.org/10.1109/ICC.2016.7511422
(13) H. Zhang, Z. Xu, Z. Zhou, J. Shi, X. Du, CLPP: context-aware location privacy protection for location-based social network, in: 2015 IEEE International Conference on Communications, ICC 2015, London, United Kingdom, June 8-12, 2015, 2015, pp. 1164–1169. doi:10.1109/ICC.2015.7248480.
URL https://doi.org/10.1109/ICC.2015.7248480
(14) W. Wei, F. Xu, Q. Li, Mobishare: Flexible privacy-preserving location sharing in mobile online social networks, Proceedings - IEEE INFOCOM 131 (5) (2012) 2616–2620.
(15) N. Shen, J. Yang, K. Yuan, C. Fu, C. Jia, An efficient and privacy-preserving location sharing mechanism, Computer Standards & Interfaces 44 (2016) 102–109.
(16) Z. Liu, J. Li, X. Chen, J. Li, C. Jia, New privacy-preserving location sharing system for mobile online social networks, in: Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, 3PGCIC 2013, Compiegne, France, October 28-30, 2013, 2013, pp. 214–218. doi:10.1109/3PGCIC.2013.38.
URL https://doi.org/10.1109/3PGCIC.2013.38
(17) J. Li, J. Li, X. Chen, Z. Liu, C. Jia, ${$ MobiShare $}$ +: Security improved system for location sharing in mobile online social networks., J. Internet Serv. Inf. Secur. 4 (1) (2014) 25–36.
(18) Z. Liu, D. Luo, J. Li, X. Chen, C. Jia, N-mobishare: new privacy-preserving location-sharing system for mobile online social networks, International Journal of Computer Mathematics 93 (2) (2016) 384–400.
(19) J. Li, H. Yan, Z. Liu, X. Chen, X. Huang, D. S. Wong, Location-sharing systems with enhanced privacy in mobile online social networks, IEEE Systems Journal 11 (2) (2017) 439–448. doi:10.1109/JSYST.2015.2415835.
URL https://doi.org/10.1109/JSYST.2015.2415835
(20) X. Du, M. Guizani, Y. Xiao, H.-H. Chen, Transactions papers a routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks, IEEE Transactions on Wireless Communications 8 (3) (2009) 1223–1229.
(21) Y. Xiao, V. K. Rayi, B. Sun, X. Du, F. Hu, M. Galloway, A survey of key management schemes in wireless sensor networks, Computer communications 30 (11-12) (2007) 2314–2341.
(22) X. Du, Y. Xiao, M. Guizani, H.-H. Chen, An effective key management scheme for heterogeneous sensor networks, Ad Hoc Networks 5 (1) (2007) 24–34.
(23) H. Lipmaa, Verifiable homomorphic oblivious transfer and private equality test, in: International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2003, pp. 416–433.
(24) P. Golle, A private stable matching algorithm, in: International Conference on Financial Cryptography and Data Security, Springer, 2006, pp. 65–80.
(25) M. Bellare, P. Rogaway, The exact security of digital signatures - how to sign with RSA and rabin, in: Advances in Cryptology - EUROCRYPT ’96, International Conference on the Theory and Application of Cryptographic Techniques, Saragossa, Spain, May 12-16, 1996, Proceeding, 1996, pp. 399–416. doi:10.1007/3-540-68339-9_34.
URL https://doi.org/10.1007/3-540-68339-9_34
(26) M. Zhang, X. Du, K. Nygard, Improving coverage performance in sensor networks by using mobile sensors, in: MILCOM 2005 - 2005 IEEE Military Communications Conference, 2005, pp. 3335–3341 Vol. 5.
(27) Y. Xiao, X. Du, J. Zhang, F. Hu, S. Guizani, Internet protocol television (iptv): The killer application for the next-generation internet, IEEE Communications Magazine 45 (11) (2007) 126–134.
(28) X. Ju, K. G. Shin, Location privacy protection for smartphone users using quadtree entropy maps, Journal of Information Privacy and Security 11 (2) (2015) 62–79.
(29) U. P. Rao, H. Girme, A novel framework for privacy preserving in location based services, in: Advanced Computing & Communication Technologies (ACCT), 2015 Fifth International Conference on, IEEE, 2015, pp. 272–277.
(30) A. K. Das, A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor, Int. J. Communication Systems 30 (1). doi:10.1002/dac.2933.
URL https://doi.org/10.1002/dac.2933
(31) L. Sweeney, k-anonymity: A model for protecting privacy, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10 (5) (2002) 557–570. doi:10.1142/S0218488502001648.
URL https://doi.org/10.1142/S0218488502001648
(32) M. Gruteser, D. Grunwald, Anonymous usage of location-based services through spatial and temporal cloaking, in: Proceedings of the First International Conference on Mobile Systems, Applications, and Services, MobiSys 2003, San Francisco, CA, USA, May 5-8, 2003, 2003.
URL http://www.usenix.org/events/mobisys03/tech/gruteser.html
(33) H. Kido, Y. Yanagisawa, T. Satoh, Protection of location privacy using dummies for location-based services, in: Proceedings of the 21st International Conference on Data Engineering Workshops, ICDE 2005, 5-8 April 2005, Tokyo, Japan, 2005, p. 1248. doi:10.1109/ICDE.2005.269.
URL https://doi.org/10.1109/ICDE.2005.269
(34) A. Khoshgozaran, C. Shahabi, Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy, in: Advances in Spatial and Temporal Databases, 10th International Symposium, SSTD 2007, Boston, MA, USA, July 16-18, 2007, Proceedings, 2007, pp. 239–257. doi:10.1007/978-3-540-73540-3_14.
URL https://doi.org/10.1007/978-3-540-73540-3_14
(35) L. P. Cox, A. Dalton, V. Marupadi, Smokescreen: flexible privacy controls for presence-sharing, in: Proceedings of the 5th International Conference on Mobile Systems, Applications, and Services (MobiSys 2007), San Juan, Puerto Rico, June 11-13, 2007, 2007, pp. 233–245. doi:10.1145/1247660.1247688.
URL http://doi.acm.org/10.1145/1247660.1247688

PPLS: A Privacy-Preserving Location-Sharing Scheme in Vehicular Social Networks

Authors

PRIF: A Privacy-Preserving Interest-Based Forwarding Scheme for Social Internet of Vehicles

A Spectrum Aware Mobility Pattern Based Routing Protocol for CR-VANETs

A Privacy-Preserving Traffic Monitoring Scheme via Vehicular Crowdsourcing

Data Dissemination Using Interest Tree in Socially Aware Networking

Efficient and Privacy-Preserving Ride SharingOrganization for Transferable andNon-Transferable Services

Efficient and Privacy-Preserving Ride Sharing Organization for Transferable and Non-Transferable Services

Social Vehicle Swarms: A Novel Perspective on Social-aware Vehicular Communication Architecture

This week in AI

1 Introduction

2 System Models and Design Goals

2.1 System Architecture

Vehicles

RSUs

Social network server (SNS)

Location servers (LSs)

2.2 System Workflows

2.3 Threat Model

2.4 Security Goals

3 Building Blocks

3.1 RSA Encryption

Encryption

Decryption

3.2 Paillier encryption

Encryption

Decryption

Homomorphic addition of plain texts

Homomorphic multiplication of plain texts

3.3 Secure Distance Comparison Protocol

4 Privacy-preserving Location-sharing (PPLS) Scheme

Initialization:

Registration:

Update:

Request for particular friends:

Request for friends within specific distance:

Request for strangers within specific distance:

5 Security Analysis

Access control

Identity privacy

Location privacy

Social network privacy

6 Experimental Evaluation

6.1 Implementation

6.2 Evaluation

7 Related Works

8 Conclusion

References

References