TY - GEN
T1 - Decentralized enforcement of k-anonymity for location privacy using secret sharing
AU - Förster, David
AU - Löhr, Hans
AU - Kargl, Frank
PY - 2016/1/18
Y1 - 2016/1/18
N2 - Protection of location privacy by reducing the accuracy of location data, until a desired level of privacy (e.g., measured as k-anonymity) is reached, is a well-known concept that is typically implemented using a privacy proxy. To eliminate the risks associated with a central, trusted party, we propose a generic method to enforce k-anonymity of location data in a decentralized way, using a distributed secret sharing algorithm and the concept of location and time specific keys. We describe our method in the context of a system for privacy-friendly traffic flow analysis, in which participants report origin, destination, start and end time of their trips. In order to protect their privacy, the accuracy of time and location information is reduced until it applies to at least k distinct trips. No trusted, central party is required to determine how much the accuracy of each trip report must be reduced. The participants establish location and time specific keys via vehicle-to-vehicle (V2V) communication at the beginning and end of their trips. They use these keys to encrypt trip reports with several levels of accuracy, and upload them to a central, untrusted database. The keys are published using a secret sharing algorithm that allows their reconstruction once at least k shares of the same key have been uploaded. Consequently, trip reports become available automatically after k vehicles have made the same trip (same origin, destination, start and end time) with respect to a certain accuracy level.
KW - Conferences
KW - Cryptography
KW - Data privacy
KW - Databases
KW - Privacy
KW - Servers
KW - Vehicles
UR - https://www.scopus.com/pages/publications/84962030789
U2 - 10.1109/VNC.2015.7385589
DO - 10.1109/VNC.2015.7385589
M3 - Conference contribution
AN - SCOPUS:84962030789
T3 - IEEE Vehicular Networking Conference, VNC
SP - 279
EP - 286
BT - 2015 IEEE Vehicular Networking Conference, VNC 2015
A2 - Altintas, Onur
A2 - Kargl, Frank
A2 - Ekici, Eylem
A2 - Sommer, Christoph
A2 - Segata, Michele
PB - IEEE
CY - Piscataway, NJ
T2 - IEEE Vehicular Networking Conference, VNC 2015
Y2 - 16 December 2015 through 18 December 2015
ER -