Research On Location Privacy Protection Based On Differential Privacy In VANETs

With the rapid development of wireless communication technology,sensing technology,positioning technology and automotive industry,Vehicular Ad-hoc Networks(VANETs)have become research hotspots in recent years.VANETs include two kinds of applications,one is safety applications such as collision warning,emergency reporting,etc.These safety applications depend on vehicles periodically broadcasting beacon messages which including vehicles’ identities and driving states to enable them to detect collisions that may cause serious damage and make timely decisions to avoid such dangerous situations.The other kind application in VANETs is the value-added service applications represented by Location-based Service(LBS).As vehicles often need to use navigation services or query for nearby gas stations,service areas,etc.,LBS has become an essential part of VANETs.While these two kinds of applications bring higher safety and convenience to vehicles,the problem of location privacy leakage is also becoming increasingly serious.For safety applications,beacon messages broadcast by vehicles enhance road safety.However,attackers can also eavesdrop on these beacon messages and link the identity information to track vehicle’s trajectory.Therefore,existing researches advocate to use pseudonyms instead of real identity,and the pseudonyms need to be constantly changed,otherwise attackers can still track their trajectories by linking the vehicle’s unique pseudonym.At this stage,pseudonym change has become the mainstream location privacy protection method in safety applications of VANETs.For LBS application of VANETs,considering that when vehicles ask for LBS requests,they need to submit their location information to Location Service Provider(LSP)to obtain corresponding services.However,LSP may collect and abuse these information.Therefore,while providing convenience for vehicles,LBS also brings the danger of location privacy leakage.For this reason,researchers have proposed various location privacy protection solutions.Among them,the solutions based on differential privacy have attracted attentions from researchers as the advantages of not needing to consider the background knowledge of the attackers,providing provable privacy and quantifying the risk of privacy leakage.By investigating and analyzing the existing location privacy protection works in the above two kinds of applications,we find that there still exist some problems and we separately propose two location privacy protection schemes based on differential privacy.The main work of this paper includes:(1)It is found that the following problems still exist in current researches.1)For safety applications,existing pseudonym change methods have three problems.First,they all need to make assumptions about the attackers’ priori knowledge and inference ability,once the assumptions cannot match attackers’ actual prior knowledge and inference ability,the effectiveness cannot be guaranteed.Second,they cannot realize an ideal privacy protection idea,when attackers grasp the location privacy protection strategy adopted by the system,for vehicles with more similar driving states,it is more difficult for attackers to distinguish their pseudonym change results.Third,they cannot theoretically strictly prove the privacy protection effect of their schemes.2)For LBS applications,most existing studies based on differential privacy are only suitable for scenarios where a user asks for snapshot request.Considering that differential privacy owns sequence composition,when using differential privacy,the consumption of privacy budget will increase linearly with the raising of query numbers.Therefore,when a vehicle asks for continuous LBS requests,the privacy budget will be quickly exhausted,leading to the location privacy leakage of the request vehicle.(2)For safety applications,we first give a formal privacy definition for pseudonym swap process based on differential privacy,called pseudonym-indistinguishability,ensuring that no matter what prior knowledge an attacker possesses,it is impossible for him to determine which vehicle changes to a specific pseudonym with a higher probability than his prior knowledge.As we know,we are the first to apply differential privacy in pseudonym swap.Next,we propose a pseudonym swap method satisfying pseudonym-indistinguishability.We design similarity utility function considering vehicles’ driving states,then we utilize exponential mechanism to establish the mapping relationship between the candidate pseudonym set and the selected probability to generate a probability distribution.Finally,we make a probability sampling based on the probability distribution to choose a new pseudonym for each vehicle participating in the pseudonym swap process.Theoretical analysis explains security,effectiveness and convergence of our proposal.Experimental results show that comparing with other schemes,our proposal has higher successful rate of resisting pseudonym linking attack,higher probability of satisfying pseudonym change conditions,larger anonymous set and need less pseudonyms in the system.In addition,the calculation delay is also limited.(3)For LBS applications in VANETs,to solve the problem of excessive consumption of privacy budget when vehicles ask for continuous LBS requests,we propose a new location perturbation mechanism based on collaboration and caching while meeting geo-indistinguishability.By letting the request vehicles cooperate to construct a group,and selecting a group agent to generate a disturbed position based on differential privacy and proxy the entire group to submit everyone’s request to LSP,we achieve that queries of all group members can be satisfied while consuming only one member’s privacy budget.During this process,group members need to use ring signature to send their query contents to the group agent,so that the group agent cannot obtain the mapping between the query contents and the request vehicles.Meanwhile,we design a historical disturbed position cache mechanism to further reduce the privacy budget consumption of the group agent.Theoretical analysis shows the security,utility and limited time complexity of our proposal,and the experimental simulations show that no matter the vehicles ask for continuous LBS requests at a high frequency or a low frequency,our proposal can support more query numbers than other schemes,while the disturbance distance error is smaller.Furthermore,our proposal has limited storage overhead and computation delay.