Summary: | <p>Vehicular communications systems may one day save lives, reduce fuel consumption, and advance connectivity, but the information they transmit could also be deanonymized to obtain personal information. Vehicle location data are of special concern because they could be misused. This dissertation presents a systematic study resulting in novel definitions, metrics and methods for evaluating and applying location privacy preserving protocols specifically in vehicular settings.</p><p>Previous work in vehicular network privacy has neither thoroughly considered vehicular mobility patterns nor solved the problem of collusion between MAC layer and application layer attackers. As defenses against location privacy attacks, previous work has favored anonymization and obfuscation, but these methods have weaknesses. Spatial-temporal cloaking, for example, requires the overhead of trusted third parties and provides little protection at low vehicle densities, especially when applications require frequent, precise location data. Little published work has addressed the "location" part of location privacy, that is, the geographical distance over which privacy is preserved, focusing instead on the size of the anonymity set. New metrics are therefore needed.</p><p>The present research addresses these issues.
In addition to new definitions and metrics, this study develops privacy methods which (1) accommodate vehicular mobility patterns, (2) defend against collusion by MAC and application layer attackers, (3) depend on cooperation neither from large numbers of other motorists nor from trusted third parties, (4) function at low vehicle densities, notably during the transition period between system initialization and full saturation, (5) provide protection even when applications require frequent and precise location queries, and (6) provide protection over a geographical range beyond a vehicle's wireless communications range and over measurable and lengthy spans of time. Finally, it presents a new metric for measuring privacy, KDT; an equation to estimate the safety impact of privacy protocols, SSTE; and three new privacy models: Endpoint Protection Zones (EPZ), Privacy by Decoy (PBD) and Random Rotation of Vehicular Trajectory (RRVT).</p>
|