On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

  • Levente Buttyán
  • Tamás Holczer
  • István Vajda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4572)


The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solving this problem is for the vehicles to use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach. We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.


location privacy, pseudonym, vehicular ad hoc network





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Levente Buttyán (1)
  • Tamás Holczer (1)
  • István Vajda (1)
  1. Laboratory of Cryptography and System Security (CrySyS), Budapest University of Technology and Economics
