Maximizing Mix Zone Effectiveness for the Mitigation of De-anonymization Threats in the Traffic Probe Message Service
The Traffic Probe Message Service uses vehicle-to-roadside wireless communication to collect kinematic and other state data from participating vehicles. The draft standard requires vehicles to use pseudonymous identifiers in order to hide their identity. Whenever vehicles transmit state data to base stations called roadside equipment, the vehicles change their identifier and halt the collection of state data for a random period. These changes are designed to prevent a de-anonymization attack from reconstructing a vehicle’s path through the road network. Thus, the roadside equipment creates mix zones, which, given enough vehicles within a zone and sufficient changes in vehicle mobility patterns, can reduce the success of de-anonymization attacks. In highway scenarios, optimal mixing is likely in the regions near highway interchanges. This paper hypothesizes that, given the rules for snapshot generation, the optimal place for pseudonym changes is upstream of the middle of an interchange. Simulations of various traffic conditions in a large highway scenario support this hypothesis, and suggest that roadside equipment be placed such that it creates pseudonym changes at these locations in order to maximize the ability of mix zones to mitigate de-anonymization threats.
Keywords: Mobile User, Privacy Protection, Misclassification Rate, Location Privacy, Lane Change