TY - GEN
T1 - Maximizing Mix Zone Effectiveness for the Mitigation of De-anonymization Threats in the Traffic Probe Message Service
AU - Blum, Jeremy J.
AU - Okosun, Peter O.
N1 - Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
N2 - The Traffic Probe Message Service uses vehicle-to-roadside wireless communication to collect kinematic and other state data from participating vehicles. The draft standard requires vehicles to use pseudonymous identifiers in order to hide their identity. Whenever vehicles transmit state data to base stations called roadside equipment, the vehicles change their identifier and halt the collection of state data for a random period. These changes are designed to prevent a de-anonymization attack from reconstructing a vehicle's path through the road network. Thus, the roadside equipment creates mix zones, which given enough vehicles within a zone and sufficient changes in vehicle mobility patterns, can reduce the success of de-anonymization attacks. In highway scenarios, optimal mixing is likely in the regions near highway interchanges. This paper hypothesizes that given the rules snapshot generation, the optimal place for pseudonym changes is upstream of the middle of an interchange. Simulations of various traffic conditions in a large highway scenario support this hypothesis, and suggest that roadside equipment be placed such that they create pseudonym changes at these locations in order to maximize the ability of mix zones to mitigate de-anonymization threats.
AB - The Traffic Probe Message Service uses vehicle-to-roadside wireless communication to collect kinematic and other state data from participating vehicles. The draft standard requires vehicles to use pseudonymous identifiers in order to hide their identity. Whenever vehicles transmit state data to base stations called roadside equipment, the vehicles change their identifier and halt the collection of state data for a random period. These changes are designed to prevent a de-anonymization attack from reconstructing a vehicle's path through the road network. Thus, the roadside equipment creates mix zones, which given enough vehicles within a zone and sufficient changes in vehicle mobility patterns, can reduce the success of de-anonymization attacks. In highway scenarios, optimal mixing is likely in the regions near highway interchanges. This paper hypothesizes that given the rules snapshot generation, the optimal place for pseudonym changes is upstream of the middle of an interchange. Simulations of various traffic conditions in a large highway scenario support this hypothesis, and suggest that roadside equipment be placed such that they create pseudonym changes at these locations in order to maximize the ability of mix zones to mitigate de-anonymization threats.
UR - http://www.scopus.com/inward/record.url?scp=84885016438&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84885016438&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-29222-4_42
DO - 10.1007/978-3-642-29222-4_42
M3 - Conference contribution
AN - SCOPUS:84885016438
SN - 9783642292217
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 598
EP - 611
BT - Quality, Reliability,Security and Robustness in Heterogeneous Networks - 7th Int. Conf. on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QShine 2010 and DSRC 2010.
PB - Springer Verlag
T2 - 7th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QShine 2010, and Dedicated Short Range CommunicationsWorkshop, DSRC 2010
Y2 - 17 November 2010 through 19 November 2010
ER -