Top

Published in:

2016 | OriginalPaper | Chapter

On Locational Privacy in the Absence of Anonymous Payments

Authors : Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz

Published in: Data Protection on the Move

Publisher: Springer Netherlands

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper we deal with the situation that in certain contexts vendors have no incentive to implement anonymous payments or that existing regulation prevents complete customer anonymity. While the paper discusses the problem also in a general fashion, we use the recharging of electric vehicles using public charging infrastructure as a working example. Here, customers leave rather detailed movement trails, as they authenticate to charge and the whole process is post-paid, i.e., are billed after consumption. In an attempt to enforce transparency and give customers the information necessary to dispute a bill they deem inaccurate, Germany and other European countries require to retain the ID of the energy meter used in each charging process. Similar information is also retained in other applications, where Point of Sales terminals are used. While this happens in the customers’ best interest, this information is a location bound token, which compromises customers’ locational privacy and thus allows for the creation of rather detailed movement profiles. We adapt a carefully chosen group signature scheme to match these legal requirements and show how modern cryptographic methods can reunite the, in this case, conflicting requirements of transparency on the one hand and locational privacy on the other. In our solution, the user’s identity is explicitly known during a transaction, yet the user’s location is concealed, effectively hindering the creation of a movement profile based on financial transactions.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter The Context-Dependence of Citizens’ Attitudes and Preferences Regarding Privacy and Security

next chapter Development Towards a Learning Health System—Experiences with the Privacy Protection Model of the TRANSFoRm Project

Available only for authorised users

Andrew J. Blumberg and Peter Eckersley, On Locational Privacy, and How to Avoid Losing it Forever, technical report (Electronic Frontier Foundation, 2009), accessed February 4, 2013, https://www.eff.org/wp/locational-privacy.

E.g. David Chaum, “Security without identification: transaction systems to make big brother obsolete,” Commun. ACM 28, no. 10 (October 1985): 1030–1044, ISSN: 0001-0782, doi:10.1145/4372.4373, http://doi.acm.org/10.1145/4372.4373; David Chaum, Amos Fiat, and Moni Naor, “Untraceable Electronic Cash” in Advances in Cryptology—CRYPTO (1988); Stefan Brands, “Electronic cash systems based on the representation problem in groups of prime order” in CRYPTO (1993); Jan L. Camenisch, Jean-Marc Piveteau, and Markus A. Stadler, “An efficient electronic payment system protecting privacy,” in ESORICS (1994).

David Chaum, “Blind Signatures for Untraceable Payments,” in Advances in Cryptology: Proceedings of CRYPTO ’82 (1982).

Pike Research, Electric Vehicle Market Forecasts, http://www.pikeresearch.com/research/electric-vehicle-market-forecasts, 2013, accessed January 29, 2013.

cars21.com, EU proposes minimum of 8 million EV charging points by 2020, http://beta.cars21.com/news/view/5171, 2013, accessed January 29, 2013.

George Danezis, Roger Dingledine, and Nick Mathewson, “Mixminion: Design of a type III anonymous remailer protocol,” in IEEE Symposium on Security and Privacy, (2003).

Ulf Möller et al., Mixmaster Protocol | Version 2, http://www.abditum.com/mixmaster-spec.txt, 2003.

Roger Dingledine, Nick Mathewson, and Paul Syverson, “Tor: the second-generation onion router,” in 13th USENIX Security Symposium (2004).

https://www.e-clearing.net/; http://www.hubject.com.

David Chaum and Eugène van Heyst, “Group Signatures” in EUROCRYPT (1991), 257–265.

We recall once again that user identities have to be known to the verifier for a proper billing process. Thus it is not possible to anonymize user identities in the bills.

Cécile Delerable and David Pointcheval, “Dynamic Fully Anonymous Short Group Signatures" in VIETCRYPT (2006), 193–210.

Dan Boneh, Xavier Boyen, and Hovav Shacham, “Short Group Signatures” in CRYPTO (2004), 41–55.

Mihir Bellare, Haixia Shi, and Chong Zhang, “Foundations of Group Signatures: The Case of Dynamic Groups” in CT-RSA (2005), 136–153.

Kitae Kim et al., “Batch Verification and Finding Invalid Signatures in a Group Signature Scheme,” I. J. Network Security 13, no. 2 (2011): 61–70.

The batch verifier of Kim et al. uses the so-called small exponent test. Mihir Bellare, Juan A. Garay, and Tal Rabin, “Fast Batch Verification for Modular Exponentiation and Digital Signatures” in EUROCRYPT (1998), 236–250.

Jan Camenisch and Anna Lysyanskaya, “Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials" in CRYPTO (2002), 61-76; Lan Nguyen, “Accumulators from Bilinear Pairings and Applications,” in CT-RSA (2005), 275–292.

Boneh, Boyen, and Shacham, “Short Group Signatures.” in CRYPTO (2004).

Moni Naor and Moti Yung, “Universal One-Way Hash Functions and their Cryptographic Applications,” in STOC (1989).

Melissa Chase and Anna Lysyanskaya, “On Signatures of Knowledge,” in CRYPTO (2006), 78–96.

Kim et al., “Batch Verification and Finding Invalid Signatures in a Group Signature Scheme”; Delerable and Pointcheval, “Dynamic Fully Anonymous Short Group Signatures.”

Tibor Jager et al., “On the Security of TLS-DHE in the Standard Model” in Advances in Cryptology—CRYPTO (2012).

Kim et al., “Batch Verification and Finding Invalid Signatures in a Group Signature Scheme”; Delerable and Pointcheval, “Dynamic Fully Anonymous Short Group Signatures.”

http://iperf.sourceforge.net/.

Chris Y.T. Ma et al., “Privacy vulnerability of published anonymous mobility traces,” in MobiCom ’10 (2010).

Yves-Alexandre de Montjoye et al., “Unique in the Crowd: The privacy bounds of human mobility”, Scientific Reports, 2013, http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html

John Krumm, “Inference Attacks on Location Tracks”, in Pervasive Computing (Pervasive 2007).

Reza Shokri et al., “Quantifying Location Privacy,” in 2011 IEEE Symposium on Security and Privacy (SP) (May 2011), doi:10.1109/SP.2011.18

Ian Jackson, “Anonymous addresses and confidentiality of location”, in Information Hiding (1996).

Alastair R. Beresford and Frank Stajano, “Location privacy in pervasive computing”, IEEE Pervasive Computing 2, no. 1 (March 2003): 46–55, issn: 1536-1268, doi: 10.1109/MPRV.2003.1186725

Raluca Ada Popa et al., “Privacy and accountability for location-based aggregate statistics”, in ACM CCS (2011).

Jean-Pierre Hubaux, Srdjan Capkun, and Jun Luo, “The security and privacy of smart vehicles,” Security & Privacy, IEEE 2, no. 3 (2004): 49–55; Florian Dötzer, “Privacy Issues in Vehicular Ad Hoc Networks,” in Privacy Enhancing Technologies (2006); Julien Freudiger et al., “Mix-zones for location privacy in vehicular networks,” in Win-ITS (2007); K. Sampigethaya et al., “AMOEBA: Robust Location Privacy Scheme for VANET,” IEEE Journal on Selected Areas in Communications 25, no. 8 (October 2007): 1569–1589, issn: 0733-8716, doi: 10.1109/JSAC.2007.071007; Zhendong Ma, Location Privacy in Vehicular Communication Systems: a Measurement Approach (PhD thesis, University of Ulm, 2011).

Thomas S. Heydt-Benjamin et al., “Privacy for Public Transportation", in Privacy Enhancing Technologies (2006); Erik-Oliver Blass et al., “PSP: private and secure payment with RFID,” in WPES (2009); Foteini Baldimtsi et al., “Pay as you go,” in HotPETs (2012).

Josep Balasch et al., “PrETP: Privacy-Preserving Electronic Toll Pricing,” in 19th USENIX Security Symposium (2010).

Sarah Meiklejohn et al., “The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion,” in 20th USENIX Security Symposium (2011).

Xihui Chen et al., “A Group Signature Based Electronic Toll Pricing System,” in ARES (2012).

Raluca Ada Popa, Hari Balakrishnan, and Andrew Blumberg, “VPriv: protecting privacy in location-based vehicular services,” in USENIX Security Symposium (2009).

Chao Li, Anonymous Payment Mechanisms for Electric Car Infrastructure, (master’s thesis, LU Leuven, 2011).

Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya, “Compact E-Cash,” in Advances in Cryptology—EUROCRYPT (2005).

Joseph Liu et al., “Enhancing Location Privacy for Electric Vehicles (at the right time),” in ESORICS (2012).

Mark Stegelmann and Dogan Kesdogan, “Design and Evaluation of a Privacy-Preserving Architecture for Vehicle-to-Grid Interaction,” in EuroPKI (2012).

https://gmplib.org/.

https://crypto.stanford.edu/pbc/.

https://code.google.com/p/gperftools/.

Balasch, Josep, Alfredo Rial, Carmela Troncoso, Christophe Geuens, Bart Preneel, and Ingrid Verbauwhede. 2010. PrETP: Privacy-preserving electronic toll pricing. In 19^th USENIX Security Symposium.

Baldimtsi, Foteini, Gesine Hinterwalder, Andy Rupp, Anna Lysyanskaya, Christof Paar, and Wayne Burleson. 2012. Pay as you go. In HotPETs.

Bellare, Mihir, Juan A. Garay, and Tal Rabin. 1998. Fast batch verification for modular exponentiation and digital signatures. In EUROCRYPT, 236–250.

Bellare, Mihir, Haixia Shi, and Chong Zhang. 2005. Foundations of group signatures: The case of dynamic groups. In CT-RSA, 136–153.

Beresford, Alastair, R., and Frank Stajano. 2003. Location privacy in pervasive computing. IEEE pervasive computing 2, 1 (Mar 2003): 46–55. ISSN: 1536-1268. doi:10.1109/MPRV.2003.1186725.

Blass, Erik-Oliver, Anil Kurmus, Refik Molva, and Thorsten Strufe. 2009. PSP: Private and secure payment with RFID. In WPES.

Blumberg, Andrew, J., and Peter Eckersley. 2009. On locational privacy, and how to avoid losing it forever. Technical report. Electronic frontier foundation. https://www.eff.org/wp/locational-privacy. Accessed 4 Feb 2013.

Boneh, Dan, Xavier Boyen, and Hovav Shacham. 2004. Short group signatures. In CRYPTO, 41–55.

Brands, Stefan. 1993. Electronic cash systems based on the representation problem in groups of prime order. In CRYPTO.

Camenisch, Jan L., Jean-Marc Piveteau, and Markus A. Stadler. 1994. An efficient electronic payment system protecting privacy. In ESORICS.

Camenisch, Jan, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact e-Cash. In Advances in cryptology—EUROCRYPT.

Camenisch, Jan, and Anna Lysyanskaya. 2002. Dynamic accumulators and application to efficient revocation of anonymous credentials. In CRYPTO, 61–76.

cars21.com. 2013. EU proposes minimum of 8 million EV charging points by 2020. http://beta.cars21.com/news/view/5171. Accessed 29 Jan 2013.

Chao Li. 2011. Anonymous payment mechanisms for electric car infrastructure. Master’s thesis, LU Leuven.

Chase, Melissa, and Anna Lysyanskaya. 2006. On signatures of knowledge. In CRYPTO, 78–96.

Chaum, David. 2013. Blind signatures for untraceable payments. In Advances in cryptology: Proceedings of CRYPTO ’82. 1982. Security without identification: Transaction systems to make big brother obsolete. Communication ACM 28, 10 (Oct 1985): 1030–1044. ISSN: 0001-0782. doi:10.1145/4372.4373. http://doi.acm.org/10.1145/4372.4373. Accessed 23 Jan 2013.

Chaum, David, Amos Fiat, and Moni Naor. 1988. Untraceable electronic cash. In Advances in cryptology—CRYPTO.

Chaum, David, and Eugne van Heyst. 1991. Group signatures. In EUROCRYPT, 257–265.

Chen, Xihui, Gabriele Lenzini, Sjouke Mauw, and Jun Pang.2012. A group signature based electronic toll pricing system. In ARES.

Danezis, George, Roger Dingledine, and Nick Mathewson. 2003. Mixminion: Design of a type III anonymous remailer protocol. In IEEE Symposium on Security and Privacy.

Delerable, Ccile, and David Pointcheval. 2006. Dynamic fully anonymous short group signatures. In VIETCRYPT, 193–210.

Dingledine, Roger, Nick Mathewson, and Paul Syverson. 2004. Tor: The second-generation onion router. In 13th USENIX Security Symposium.

Dtzer, Florian. 2006. Privacy issues in vehicular Ad Hoc networks. In Privacy enhancing technologies.

Freudiger, Julien, Maxim Raya, Mrk Flegyhzi, Panos Papadimitratos, et al. 2007. Mix-zones for location privacy in vehicular networks. In Win-ITS.

Heydt-Benjamin, Thomas S., Hee-Jin Chae, Benessa Defend, and Kevin Fu. Privacy for public transportation. In Privacy enhancing technologies.

Hubaux, Jean-Pierre, Srdjan Capkun, and Jun Luo. 2004. The security and privacy of smart vehicles. Security and Privacy, IEEE 2, 3: 49–55.

Jackson, Ian. 1996. Anonymous addresses and confidentiality of location. In Information hiding.

Jager, Tibor, Florian Kohlar, Sven Schge, and Jrg Schwenk. 2012. On the security of TLS-DHE in the standard model. In Advances in cryptology—CRYPTO.

Kim, Kitae, Ikkwon Yie, Seongan Lim, and Daehun Nyang. 2011. Batch verification and finding invalid signatures in a group signature scheme. I. J. Network Security 13 2: 61–70.

John Krumm. 2007. Inference attacks on location tracks. In Pervasive computing (Pervasive 2007).

Liu, Joseph, Man Au, Willy Susilo, and Jianying Zhou. 2012. Enhancing location privacy for electric vehicles (at the right time). In ESORICS.

Ma, Chris Y.T., David K.Y. Yau, Nung Kwan Yip, and Nageswara S.V. Rao. 2010. Privacy vulnerability of published anonymous mobility traces. In MobiCom ’10.

Ma, Zhendong. 2011. Location privacy in vehicular communication systems: A measurement approach. Ph.D. dissertation, University of Ulm, Ulm.

Meiklejohn, Sarah, Keaton Mowery, Stephen Checkoway, and Hovav Shacham. 2011. The phantom tollbooth: Privacy-preserving electronic toll collection in the presence of driver collusion. In 20th USENIX Security Symposium.

Möller, Ulf, Lance Cottrell, Peter Palfrader, and Len Sassaman. 2003. Mixmaster protocol | Version 2. http://www.abditum.com/mixmaster-spec.txt.

Montjoye, Yves-Alexandre de, Csar A. Hidalgo, Michel Verleysen, and Vincent D. Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Scientific Reports. http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html.

Naor, Moni, and Moti Yung. 1989. Universal one-way hash functions and their cryptographic applications. In STOC, 33–43.

Nguyen, Lan. 2005. Accumulators from bilinear pairings and applications. In CT-RSA, 275–292.

Popa, Raluca Ada, Hari Balakrishnan, and Andrew Blumberg. 2009. VPriv: Protecting privacy in location-based vehicular services. In USENIX Security Symposium.

Popa, Raluca Ada, Andrew J Blumberg, Hari Balakrishnan, and Frank H Li. 2011. Privacy and accountability for location-based aggregate statistics. In ACM CCS.

Research, Pike. Electric Vehicle Market Forecasts. 2013. http://www.pikeresearch.com/research/electric-vehicle-market-forecasts. Accessed 29 Jan 2013.

Sampigethaya, K., Mingyan Li, Leping Huang, and R. Poovendran. 2007. AMOEBA: Robust location privacy scheme for VANET. IEEE Journal on Selected Areas in Communications 25, 8 (Oct 2007): 1569–1589. ISSN: 0733-8716. doi:10.1109/JSAC.2007.071007.

Shokri, R., G. Theodorakopoulos, J. Le Boudec, and J. Hubaux. 2011. Quantifying location privacy. In 2011 IEEE Symposium on Security and Privacy (SP), May 2011. doi:10.1109/SP.2011.18.

Stegelmann, Mark, and Dogan Kesdogan. 2012. Design and evaluation of a privacy-preserving architecture for vehicle-to-grid interaction. In EuroPKI.

Title: On Locational Privacy in the Absence of Anonymous Payments
Authors: Tilman Frosch
Sven Schäge
Martin Goll
Thorsten Holz
Publisher: Springer Netherlands
Book: Data Protection on the Move
Print ISBN: 978-94-017-7375-1

Electronic ISBN: 978-94-017-7376-8

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-94-017-7376-8_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner