
On Locational Privacy in the Absence of Anonymous Payments

  • Chapter
Data Protection on the Move

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 24))


Abstract

In this paper we deal with the situation in which, in certain contexts, vendors have no incentive to implement anonymous payments, or existing regulation prevents complete customer anonymity. While the paper also discusses the problem in a general fashion, we use the recharging of electric vehicles at public charging infrastructure as a working example. Here, customers leave rather detailed movement trails: they authenticate in order to charge, and the whole process is post-paid, i.e., customers are billed after consumption. In an attempt to enforce transparency and give customers the information necessary to dispute a bill they deem inaccurate, Germany and other European countries require that the ID of the energy meter used in each charging process be retained. Similar information is also retained in other applications where point-of-sale terminals are used. While this happens in the customers’ best interest, the meter ID is a location-bound token: it compromises customers’ locational privacy and thus allows the creation of rather detailed movement profiles. We adapt a carefully chosen group signature scheme to match these legal requirements and show how modern cryptographic methods can reconcile the, in this case, conflicting requirements of transparency on the one hand and locational privacy on the other. In our solution, the user’s identity is explicitly known during a transaction, yet the user’s location is concealed, effectively hindering the creation of a movement profile based on financial transactions.
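The linkage the abstract describes, as an added example that is not part of the chapter: a bill processor joins retained billing records (customer ID, meter ID, time) with the meter registry it keeps for dispute handling and obtains a time-ordered trail per customer. The second function shows a caveat a practitioner should check before accepting "pseudonymized meter IDs" as a fix: a stable keyed hash of the meter ID is still a location-bound token and still links repeat visits, even for a party that does not hold the registry. All records, meter IDs, sites and the salt are constructed sample data.

```python
# Added example (not from the chapter): reconstructing a movement profile
# from retained, location-bound tokens (meter IDs) in post-paid billing
# records, and showing that a stable pseudonym for the meter ID still
# links visits. All data below is constructed, not real infrastructure.
from collections import defaultdict
from datetime import datetime
import hashlib

# Constructed meter registry held for dispute handling: meter ID -> site.
METER_LOCATIONS = {
    "MTR-0001": "Bochum, Universitaetsstr.",
    "MTR-0002": "Dortmund, Hauptbahnhof",
    "MTR-0003": "Koeln, Messe",
    "MTR-0004": "Bochum, Universitaetsstr.",  # second meter, same site
}

# Constructed billing records: (customer ID, meter ID, start time, kWh).
# The customer ID is known by design (post-paid billing); the meter ID is
# retained so the customer can dispute the metered amount.
BILLING_RECORDS = [
    ("cust-42", "MTR-0001", "2013-01-07T08:05", 12.4),
    ("cust-42", "MTR-0002", "2013-01-07T17:40", 9.1),
    ("cust-42", "MTR-0003", "2013-01-09T11:15", 30.0),
    ("cust-42", "MTR-0004", "2013-01-10T08:10", 11.8),
    ("cust-42", "MTR-0002", "2013-01-11T17:55", 8.7),
    ("cust-17", "MTR-0002", "2013-01-07T18:02", 7.5),
]


def movement_profile(records, meter_locations):
    """Join billing records with the meter registry and return, per
    customer, the time-ordered list of (timestamp, site) visits.
    This join is the whole attack: only the retained meter ID and the
    registry needed for dispute handling are required."""
    trails = defaultdict(list)
    for customer, meter_id, ts, _kwh in records:
        site = meter_locations.get(meter_id, "<unknown meter>")
        trails[customer].append((datetime.fromisoformat(ts), site))
    return {c: sorted(v) for c, v in trails.items()}


def sites_visited(profile, customer):
    """Distinct sites a customer can be placed at, from the profile."""
    return sorted({site for _ts, site in profile.get(customer, [])})


def pseudonymize_meter(meter_id, salt=b"constructed-operator-secret"):
    """Stable keyed hash of the meter ID (the salt is an assumed,
    constructed value). Often proposed as 'anonymization', but a stable
    pseudonym is still a location-bound token: every session at the same
    meter yields the same value."""
    return hashlib.sha256(salt + meter_id.encode()).hexdigest()[:16]


def linkable_revisits(records, token_fn=pseudonymize_meter):
    """Count, per customer, sessions that can be linked to an earlier
    session at the same meter purely via the pseudonymous token, i.e.
    without knowing the token-to-site mapping at all."""
    seen = defaultdict(set)
    revisits = defaultdict(int)
    for customer, meter_id, _ts, _kwh in records:
        tok = token_fn(meter_id)
        if tok in seen[customer]:
            revisits[customer] += 1
        seen[customer].add(tok)
    return dict(revisits)


if __name__ == "__main__":
    prof = movement_profile(BILLING_RECORDS, METER_LOCATIONS)
    for cust, trail in prof.items():
        print(cust, [(t.isoformat(timespec="minutes"), s) for t, s in trail])
    print("revisits linkable via stable pseudonym:", linkable_revisits(BILLING_RECORDS))
```

The point of `linkable_revisits` is that hashing or encrypting the meter ID with a fixed key changes nothing about the threat model the chapter describes; what is needed is a token that proves the meter is a legitimate, disputable member of the operator's fleet without being equal across sessions, which is exactly what the group signature approach provides.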


Notes

1. Andrew J. Blumberg and Peter Eckersley, On Locational Privacy, and How to Avoid Losing It Forever, technical report (Electronic Frontier Foundation, 2009), accessed February 4, 2013, https://www.eff.org/wp/locational-privacy.

2. E.g. David Chaum, “Security without identification: transaction systems to make big brother obsolete,” Commun. ACM 28, no. 10 (October 1985): 1030–1044, ISSN: 0001-0782, doi:10.1145/4372.4373, http://doi.acm.org/10.1145/4372.4373; David Chaum, Amos Fiat, and Moni Naor, “Untraceable Electronic Cash,” in Advances in Cryptology – CRYPTO (1988); Stefan Brands, “Electronic cash systems based on the representation problem in groups of prime order,” in CRYPTO (1993); Jan L. Camenisch, Jean-Marc Piveteau, and Markus A. Stadler, “An efficient electronic payment system protecting privacy,” in ESORICS (1994).

3. David Chaum, “Blind Signatures for Untraceable Payments,” in Advances in Cryptology: Proceedings of CRYPTO ’82 (1982).

4. Pike Research, Electric Vehicle Market Forecasts, http://www.pikeresearch.com/research/electric-vehicle-market-forecasts, 2013, accessed January 29, 2013.

5. cars21.com, EU proposes minimum of 8 million EV charging points by 2020, http://beta.cars21.com/news/view/5171, 2013, accessed January 29, 2013.

6. George Danezis, Roger Dingledine, and Nick Mathewson, “Mixminion: Design of a type III anonymous remailer protocol,” in IEEE Symposium on Security and Privacy (2003).

7. Ulf Möller et al., Mixmaster Protocol Version 2, http://www.abditum.com/mixmaster-spec.txt, 2003.

8. Roger Dingledine, Nick Mathewson, and Paul Syverson, “Tor: the second-generation onion router,” in 13th USENIX Security Symposium (2004).

9. https://www.e-clearing.net/; http://www.hubject.com.

10. David Chaum and Eugène van Heyst, “Group Signatures,” in EUROCRYPT (1991), 257–265.

11. We recall once again that user identities have to be known to the verifier for a proper billing process. Thus it is not possible to anonymize user identities in the bills.

12. Cécile Delerablée and David Pointcheval, “Dynamic Fully Anonymous Short Group Signatures,” in VIETCRYPT (2006), 193–210.

13. Dan Boneh, Xavier Boyen, and Hovav Shacham, “Short Group Signatures,” in CRYPTO (2004), 41–55.

14. Mihir Bellare, Haixia Shi, and Chong Zhang, “Foundations of Group Signatures: The Case of Dynamic Groups,” in CT-RSA (2005), 136–153.

15. Kitae Kim et al., “Batch Verification and Finding Invalid Signatures in a Group Signature Scheme,” I. J. Network Security 13, no. 2 (2011): 61–70.

16. The batch verifier of Kim et al. uses the so-called small exponent test. Mihir Bellare, Juan A. Garay, and Tal Rabin, “Fast Batch Verification for Modular Exponentiation and Digital Signatures,” in EUROCRYPT (1998), 236–250.

17. Jan Camenisch and Anna Lysyanskaya, “Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials,” in CRYPTO (2002), 61–76; Lan Nguyen, “Accumulators from Bilinear Pairings and Applications,” in CT-RSA (2005), 275–292.

18. Boneh, Boyen, and Shacham, “Short Group Signatures,” in CRYPTO (2004).

19. Moni Naor and Moti Yung, “Universal One-Way Hash Functions and their Cryptographic Applications,” in STOC (1989).

20. Melissa Chase and Anna Lysyanskaya, “On Signatures of Knowledge,” in CRYPTO (2006), 78–96.

21. Kim et al., “Batch Verification and Finding Invalid Signatures in a Group Signature Scheme”; Delerablée and Pointcheval, “Dynamic Fully Anonymous Short Group Signatures.”

22. Tibor Jager et al., “On the Security of TLS-DHE in the Standard Model,” in Advances in Cryptology – CRYPTO (2012).

23. Kim et al., “Batch Verification and Finding Invalid Signatures in a Group Signature Scheme”; Delerablée and Pointcheval, “Dynamic Fully Anonymous Short Group Signatures.”

24. http://iperf.sourceforge.net/.

25. Chris Y.T. Ma et al., “Privacy vulnerability of published anonymous mobility traces,” in MobiCom ’10 (2010).

26. Yves-Alexandre de Montjoye et al., “Unique in the Crowd: The privacy bounds of human mobility,” Scientific Reports, 2013, http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html.

27. John Krumm, “Inference Attacks on Location Tracks,” in Pervasive Computing (Pervasive 2007).

28. Reza Shokri et al., “Quantifying Location Privacy,” in 2011 IEEE Symposium on Security and Privacy (SP) (May 2011), doi:10.1109/SP.2011.18.

29. Ian Jackson, “Anonymous addresses and confidentiality of location,” in Information Hiding (1996).

30. Alastair R. Beresford and Frank Stajano, “Location privacy in pervasive computing,” IEEE Pervasive Computing 2, no. 1 (March 2003): 46–55, ISSN: 1536-1268, doi:10.1109/MPRV.2003.1186725.

31. Raluca Ada Popa et al., “Privacy and accountability for location-based aggregate statistics,” in ACM CCS (2011).

32. Jean-Pierre Hubaux, Srdjan Capkun, and Jun Luo, “The security and privacy of smart vehicles,” IEEE Security & Privacy 2, no. 3 (2004): 49–55; Florian Dötzer, “Privacy Issues in Vehicular Ad Hoc Networks,” in Privacy Enhancing Technologies (2006); Julien Freudiger et al., “Mix-zones for location privacy in vehicular networks,” in Win-ITS (2007); K. Sampigethaya et al., “AMOEBA: Robust Location Privacy Scheme for VANET,” IEEE Journal on Selected Areas in Communications 25, no. 8 (October 2007): 1569–1589, ISSN: 0733-8716, doi:10.1109/JSAC.2007.071007; Zhendong Ma, Location Privacy in Vehicular Communication Systems: a Measurement Approach (PhD thesis, University of Ulm, 2011).

33. Thomas S. Heydt-Benjamin et al., “Privacy for Public Transportation,” in Privacy Enhancing Technologies (2006); Erik-Oliver Blass et al., “PSP: private and secure payment with RFID,” in WPES (2009); Foteini Baldimtsi et al., “Pay as you go,” in HotPETs (2012).

34. Josep Balasch et al., “PrETP: Privacy-Preserving Electronic Toll Pricing,” in 19th USENIX Security Symposium (2010).

35. Sarah Meiklejohn et al., “The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion,” in 20th USENIX Security Symposium (2011).

36. Xihui Chen et al., “A Group Signature Based Electronic Toll Pricing System,” in ARES (2012).

37. Raluca Ada Popa, Hari Balakrishnan, and Andrew Blumberg, “VPriv: protecting privacy in location-based vehicular services,” in USENIX Security Symposium (2009).

38. Chao Li, Anonymous Payment Mechanisms for Electric Car Infrastructure (master’s thesis, LU Leuven, 2011).

39. Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya, “Compact E-Cash,” in Advances in Cryptology – EUROCRYPT (2005).

40. Joseph Liu et al., “Enhancing Location Privacy for Electric Vehicles (at the right time),” in ESORICS (2012).

41. Mark Stegelmann and Dogan Kesdogan, “Design and Evaluation of a Privacy-Preserving Architecture for Vehicle-to-Grid Interaction,” in EuroPKI (2012).

42. GNU Multiple Precision Arithmetic Library (GMP), https://gmplib.org/.

43. Pairing-Based Cryptography Library (PBC), https://crypto.stanford.edu/pbc/.

44. gperftools (TCMalloc), https://code.google.com/p/gperftools/.

Bibliography

  • Balasch, Josep, Alfredo Rial, Carmela Troncoso, Christophe Geuens, Bart Preneel, and Ingrid Verbauwhede. 2010. PrETP: Privacy-preserving electronic toll pricing. In 19th USENIX Security Symposium.

  • Baldimtsi, Foteini, Gesine Hinterwalder, Andy Rupp, Anna Lysyanskaya, Christof Paar, and Wayne Burleson. 2012. Pay as you go. In HotPETs.

  • Bellare, Mihir, Juan A. Garay, and Tal Rabin. 1998. Fast batch verification for modular exponentiation and digital signatures. In EUROCRYPT, 236–250.

  • Bellare, Mihir, Haixia Shi, and Chong Zhang. 2005. Foundations of group signatures: The case of dynamic groups. In CT-RSA, 136–153.

  • Beresford, Alastair R., and Frank Stajano. 2003. Location privacy in pervasive computing. IEEE Pervasive Computing 2, no. 1 (March 2003): 46–55. ISSN: 1536-1268. doi:10.1109/MPRV.2003.1186725.

  • Blass, Erik-Oliver, Anil Kurmus, Refik Molva, and Thorsten Strufe. 2009. PSP: Private and secure payment with RFID. In WPES.

  • Blumberg, Andrew J., and Peter Eckersley. 2009. On locational privacy, and how to avoid losing it forever. Technical report, Electronic Frontier Foundation. https://www.eff.org/wp/locational-privacy. Accessed 4 Feb 2013.

  • Boneh, Dan, Xavier Boyen, and Hovav Shacham. 2004. Short group signatures. In CRYPTO, 41–55.

  • Brands, Stefan. 1993. Electronic cash systems based on the representation problem in groups of prime order. In CRYPTO.

  • Camenisch, Jan L., Jean-Marc Piveteau, and Markus A. Stadler. 1994. An efficient electronic payment system protecting privacy. In ESORICS.

  • Camenisch, Jan, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact e-cash. In Advances in Cryptology – EUROCRYPT.

  • Camenisch, Jan, and Anna Lysyanskaya. 2002. Dynamic accumulators and application to efficient revocation of anonymous credentials. In CRYPTO, 61–76.

  • cars21.com. 2013. EU proposes minimum of 8 million EV charging points by 2020. http://beta.cars21.com/news/view/5171. Accessed 29 Jan 2013.

  • Chao Li. 2011. Anonymous payment mechanisms for electric car infrastructure. Master’s thesis, LU Leuven.

  • Chase, Melissa, and Anna Lysyanskaya. 2006. On signatures of knowledge. In CRYPTO, 78–96.

  • Chaum, David. 1982. Blind signatures for untraceable payments. In Advances in Cryptology: Proceedings of CRYPTO ’82.

  • Chaum, David. 1985. Security without identification: Transaction systems to make big brother obsolete. Commun. ACM 28, no. 10 (Oct 1985): 1030–1044. ISSN: 0001-0782. doi:10.1145/4372.4373. http://doi.acm.org/10.1145/4372.4373. Accessed 23 Jan 2013.

  • Chaum, David, Amos Fiat, and Moni Naor. 1988. Untraceable electronic cash. In Advances in Cryptology – CRYPTO.

  • Chaum, David, and Eugène van Heyst. 1991. Group signatures. In EUROCRYPT, 257–265.

  • Chen, Xihui, Gabriele Lenzini, Sjouke Mauw, and Jun Pang. 2012. A group signature based electronic toll pricing system. In ARES.

  • Danezis, George, Roger Dingledine, and Nick Mathewson. 2003. Mixminion: Design of a type III anonymous remailer protocol. In IEEE Symposium on Security and Privacy.

  • Delerablée, Cécile, and David Pointcheval. 2006. Dynamic fully anonymous short group signatures. In VIETCRYPT, 193–210.

  • Dingledine, Roger, Nick Mathewson, and Paul Syverson. 2004. Tor: The second-generation onion router. In 13th USENIX Security Symposium.

  • Dötzer, Florian. 2006. Privacy issues in vehicular ad hoc networks. In Privacy Enhancing Technologies.

  • Freudiger, Julien, Maxim Raya, Márk Félegyházi, Panos Papadimitratos, et al. 2007. Mix-zones for location privacy in vehicular networks. In Win-ITS.

  • Heydt-Benjamin, Thomas S., Hee-Jin Chae, Benessa Defend, and Kevin Fu. 2006. Privacy for public transportation. In Privacy Enhancing Technologies.

  • Hubaux, Jean-Pierre, Srdjan Capkun, and Jun Luo. 2004. The security and privacy of smart vehicles. IEEE Security & Privacy 2, no. 3: 49–55.

  • Jackson, Ian. 1996. Anonymous addresses and confidentiality of location. In Information Hiding.

  • Jager, Tibor, Florian Kohlar, Sven Schäge, and Jörg Schwenk. 2012. On the security of TLS-DHE in the standard model. In Advances in Cryptology – CRYPTO.

  • Kim, Kitae, Ikkwon Yie, Seongan Lim, and Daehun Nyang. 2011. Batch verification and finding invalid signatures in a group signature scheme. I. J. Network Security 13, no. 2: 61–70.

  • Krumm, John. 2007. Inference attacks on location tracks. In Pervasive Computing (Pervasive 2007).

  • Liu, Joseph, Man Au, Willy Susilo, and Jianying Zhou. 2012. Enhancing location privacy for electric vehicles (at the right time). In ESORICS.

  • Ma, Chris Y.T., David K.Y. Yau, Nung Kwan Yip, and Nageswara S.V. Rao. 2010. Privacy vulnerability of published anonymous mobility traces. In MobiCom ’10.

  • Ma, Zhendong. 2011. Location privacy in vehicular communication systems: A measurement approach. Ph.D. dissertation, University of Ulm, Ulm.

  • Meiklejohn, Sarah, Keaton Mowery, Stephen Checkoway, and Hovav Shacham. 2011. The phantom tollbooth: Privacy-preserving electronic toll collection in the presence of driver collusion. In 20th USENIX Security Symposium.

  • Möller, Ulf, Lance Cottrell, Peter Palfrader, and Len Sassaman. 2003. Mixmaster protocol version 2. http://www.abditum.com/mixmaster-spec.txt.

  • Montjoye, Yves-Alexandre de, César A. Hidalgo, Michel Verleysen, and Vincent D. Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Scientific Reports. http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html.

  • Naor, Moni, and Moti Yung. 1989. Universal one-way hash functions and their cryptographic applications. In STOC, 33–43.

  • Nguyen, Lan. 2005. Accumulators from bilinear pairings and applications. In CT-RSA, 275–292.

  • Popa, Raluca Ada, Hari Balakrishnan, and Andrew Blumberg. 2009. VPriv: Protecting privacy in location-based vehicular services. In USENIX Security Symposium.

  • Popa, Raluca Ada, Andrew J. Blumberg, Hari Balakrishnan, and Frank H. Li. 2011. Privacy and accountability for location-based aggregate statistics. In ACM CCS.

  • Pike Research. 2013. Electric vehicle market forecasts. http://www.pikeresearch.com/research/electric-vehicle-market-forecasts. Accessed 29 Jan 2013.

  • Sampigethaya, K., Mingyan Li, Leping Huang, and R. Poovendran. 2007. AMOEBA: Robust location privacy scheme for VANET. IEEE Journal on Selected Areas in Communications 25, no. 8 (Oct 2007): 1569–1589. ISSN: 0733-8716. doi:10.1109/JSAC.2007.071007.

  • Shokri, R., G. Theodorakopoulos, J. Le Boudec, and J. Hubaux. 2011. Quantifying location privacy. In 2011 IEEE Symposium on Security and Privacy (SP), May 2011. doi:10.1109/SP.2011.18.

  • Stegelmann, Mark, and Dogan Kesdogan. 2012. Design and evaluation of a privacy-preserving architecture for vehicle-to-grid interaction. In EuroPKI.


Author information

Corresponding author: Tilman Frosch.


Appendices

Appendix 1: Implementation Details

The current source code is a makefile project written in C. We chose C because the external routines and libraries we rely on are also written in C, so the whole project and its dependencies are in one language. We implemented XSGS as a library. The XSGS library uses the GNU Multiple Precision Arithmetic Library (GMP, note 42) for basic arithmetic, the Pairing-Based Cryptography Library (PBC, note 43) for curve and pairing arithmetic, the authors’ optimized reference implementation of the SHA-3 hash algorithm (Keccak), and the OpenSSL library for RSA signature and certificate support.

At compile time one can choose which memory allocator is linked into the XSGS library: the TCMalloc library from gperftools (note 44), for a fast, multithreaded malloc(), or the GNU C Library allocator.

Appendix 2: Cryptographic Parameters

The PBC library defines a variety of pairing types, of which our XSGS implementation uses type D, F, or G; the type is chosen at compile time. The group order is about 300 bits, and the curve parameters satisfy the following constraints: r ≥ 160 bits, q ≥ 1024/k bits, with embedding degree k = 6 (type D), 12 (type F), or 10 (type G), so that the target field GF(q^k) has at least 1024 bits.

Where Paillier’s operations are used, the modulus is 1024 bits; the RSA key length can be chosen at compile time as 1024, 2048, or 4096 bits. The cryptographic hash function used throughout the XSGS implementation is the SHA-3 competition winner Keccak with a 256-bit output.
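Two checks a reviewer would run against the parameter choices above, as an added example that is not part of the chapter's XSGS code. The first computes the embedding degree from the definition (the smallest k with r dividing q^k − 1), which is what a PBC "type D/F/G" label promises and what determines the field the pairing lands in; the small primes used to exercise it are constructed toy values. The second applies the chapter's own sizing rule, q ≥ 1024/k bits, per type and reports the resulting target-field size. The PBC_EMBEDDING_DEGREE table and the 160-bit and 1024-bit thresholds are taken from the appendix; the function names are this example's own.

```python
# Added example (not the chapter's XSGS code): sanity checks for pairing
# parameters. (1) embedding_degree() recomputes k from its definition,
# the multiplicative order of q modulo r, using constructed toy primes;
# (2) min_q_bits()/check_params() apply the appendix's rule
# r >= 160 bits, q >= 1024/k bits, for PBC types D, F and G.
from math import ceil

# Embedding degree k per PBC pairing type, as stated in the appendix.
PBC_EMBEDDING_DEGREE = {"D": 6, "F": 12, "G": 10}


def embedding_degree(q, r, k_max=64):
    """Smallest k >= 1 with q^k == 1 (mod r), i.e. the order of q in
    (Z/rZ)*, which is the embedding degree of an order-r subgroup of a
    curve over GF(q). Raising past k_max signals that the curve is not
    pairing friendly for this r (or that r is wrong)."""
    if r < 2 or q % r == 0:
        raise ValueError("r must be a prime coprime to q")
    acc = 1
    for k in range(1, k_max + 1):
        acc = (acc * q) % r
        if acc == 1:
            return k
    raise ValueError(f"embedding degree exceeds {k_max}")


def min_q_bits(pairing_type, target_field_bits=1024):
    """Minimum bit length of the base-field prime q so that GF(q^k)
    reaches target_field_bits for the given PBC type (the appendix's
    q >= 1024/k, rounded up to whole bits)."""
    k = PBC_EMBEDDING_DEGREE[pairing_type]
    return ceil(target_field_bits / k)


def check_params(pairing_type, r_bits, q_bits, target_field_bits=1024):
    """Apply the appendix's constraints and report the target-field size.
    Returns a dict so a build script can log or assert on each check."""
    k = PBC_EMBEDDING_DEGREE[pairing_type]
    return {
        "k": k,
        "r_ok": r_bits >= 160,
        "q_ok": q_bits >= min_q_bits(pairing_type, target_field_bits),
        "target_field_bits": q_bits * k,
    }


if __name__ == "__main__":
    # Toy values: 11 has order 2 mod 3, and 7 has order 3 mod 19.
    print("k(q=11, r=3) =", embedding_degree(11, 3))
    print("k(q=7, r=19) =", embedding_degree(7, 19))
    for t in "DFG":
        print(t, "min q bits:", min_q_bits(t),
              check_params(t, r_bits=160, q_bits=min_q_bits(t)))
```

The practical caveat the numbers carry: a 160-bit group order and a 1024-bit target field correspond to roughly 80-bit security by the usual estimates, which was a common academic benchmark when this implementation was written but is below what a practitioner would deploy today; raising r and q (and re-running `check_params` with a larger `target_field_bits`) is the first thing to do before reusing these parameter sets.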


Copyright information

© 2016 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Frosch, T., Schäge, S., Goll, M., Holz, T. (2016). On Locational Privacy in the Absence of Anonymous Payments. In: Gutwirth, S., Leenes, R., De Hert, P. (eds) Data Protection on the Move. Law, Governance and Technology Series, vol 24. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-7376-8_4
