Research Article
Maximizing Mix Zone Effectiveness for the Mitigation of De-anonymization Threats in the Traffic Probe Message Service
@INPROCEEDINGS{10.1007/978-3-642-29222-4_42, author={Jeremy Blum and Peter Okosun}, title={Maximizing Mix Zone Effectiveness for the Mitigation of De-anonymization Threats in the Traffic Probe Message Service}, proceedings={International ICST Workshop on Dedicated Short Range Communications}, proceedings_a={DSRC}, year={2012}, month={10}, keywords={}, doi={10.1007/978-3-642-29222-4_42} }
- Jeremy Blum
Peter Okosun
Year: 2012
Maximizing Mix Zone Effectiveness for the Mitigation of De-anonymization Threats in the Traffic Probe Message Service
DSRC
Springer
DOI: 10.1007/978-3-642-29222-4_42
Abstract
The Traffic Probe Message Service uses vehicle-to-roadside wireless communication to collect kinematic and other state data from participating vehicles. The draft standard requires vehicles to use pseudonymous identifiers in order to hide their identity. Whenever vehicles transmit state data to base stations called roadside equipment, the vehicles change their identifier and halt the collection of state data for a random period. These changes are designed to prevent a de-anonymization attack from reconstructing a vehicle’s path through the road network. Thus, the roadside equipment creates mix zones, which given enough vehicles within a zone and sufficient changes in vehicle mobility patterns, can reduce the success of de-anonymization attacks. In highway scenarios, optimal mixing is likely in the regions near highway interchanges. This paper hypothesizes that given the rules snapshot generation, the optimal place for pseudonym changes is upstream of the middle of an interchange. Simulations of various traffic conditions in a large highway scenario support this hypothesis, and suggest that roadside equipment be placed such that they create pseudonym changes at these locations in order to maximize the ability of mix zones to mitigate de-anonymization threats.