ntru implementation of efficient privacy-preserving...

Research ArticleNTRU Implementation of Efficient Privacy-PreservingLocation-Based Querying in VANET

Bo Mi1 Darong Huang1 and Shaohua Wan 2

1 Institute of Information Science and Engineering Chongqing Jiaotong University Chongqing 400074 China2School of Information and Safety Engineering Zhongnan University of Economics and Law Wuhan 430073 China

Correspondence should be addressed to Shaohua Wan shaohuawanieeeorg

Received 26 January 2018 Accepted 21 March 2018 Published 3 May 2018

Academic Editor Xuyun Zhang

Copyright copy 2018 Bo Mi et al This is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

The key for location-based service popularization in vehicular environment is security and efficiency However due to theconstrained resources in vehicle-mounted system and the distributed structure of fog computation disposing of the conflictsbetween real-time implementation and userrsquos privacy remains an open problem Aiming at synchronously preserving the positioninformation for users as well as the data proprietorship of service provider an efficient location-based querying scheme is proposedin this paper We argue that a recent scheme proposed by Jannati and Bahrak is time-consuming and vulnerable against activeadaptive corruptions Thus accordingly a postquantum secure oblivious transfer protocol is devised based on efficient NTRUcryptosystem which then serves as the understructure of a complete location-based querying scheme in ad hoc manner Thesecurity of our scheme is proved under universal composability frame while performance analysis is also carried out to testifyits efficiency

1 Introduction

With the development and fusion of techniques such assensing controlling communication positioning and fogcomputation vehicular ad hoc network (VANET) whichis identified as a specific application of Internet of Things(IoT) has become a promising understructure to enhancetraffic safety and convenience As an important elementof the intelligent transportation system (ITS) VANET istypically composed of numerous on-board units (OBU)equipped on vehicles and road-side units (RSUs) serve asinfrastructure [1] Different from traditional networkingvehicular ad hoc network emphasizes heavily on adaptivecomputation as well as communication of end-users andedge devices which is characterised as localized data storagedense geographical distribution boundary service providingand compound data aggregation or analysis A wide rangeof applications can be supported taking advantage of suchfundamental installation for example when driving on theroad one can fall back on the VANET to locate services(shops gas stations etc) on his route or even be notified of

any forecasted traffic condition along her itinerary Thoughit is envisioned that the future transportation would beldquoinformation-drivenrdquo and ldquowirelessly enabledrdquo the prob-lems of confidential and privacy-preserving communica-tion remain insufficiently solved due to the broadcastingnature of VANET [2] Moreover since one of the mostattractive applications of VANET is location-based queryingit is always self-extended to traditional networks such asInternet As illustrated in Figure 1 any authorized on-boardunit may access the querying service providers (QSPs) inbackbone or local RSUs to inquire about interested infor-mation via various communication channels which makesthe security issue more complicated in such foggy environ-ment

As for privacy the user may not want anybody includingthe infrastructure units or service providers to be aware ofany information about her queryThat means it should eitherbe impossible to link up a query with the real identity of theuser or make the query itself indistinct to some extent Inorder to accomplish privacy requirement two research linesare followed in literatures

HindawiWireless Communications and Mobile ComputingVolume 2018 Article ID 7823979 11 pageshttpsdoiorg10115520187823979

2 Wireless Communications and Mobile Computing

Internet

GPS

Base Station

RSU

OBU

OBU

QSP

CA

Transaction Gateway

Figure 1 VANET extension

11 Correlation Concealment Due to the interactive nature oflocation-based querying one can easily associate the identityof a user with a specific location which may severely violatethe privacy of personal health condition social relationshipshabits and so on Accordingly once the connectivity ofinquired location and user ID are obscured the sensitiveinformation may be preserved to some extent This kind ofprivacy-protection method includes the following

111 Anonymity and Pseudonym The goal of cryptonymmethods is to prevent an adversary from reidentifying thedata source by exploiting any exposed information It gener-ally relies on the fact that most location-based services arenot strictly dependent on the knowledge of userrsquos identityThereby themost challenging issues turn into pseudonymousauthentication integrity and nonrepudiation Specificallya large number of certificates are usually preloaded foreach vehicle which will be abandoned after usage in ashort period of time Coupled with reputation mechanismsthose certificates can thus be used to appraise credibilityof anonymous sources or to fulfil the backtracking purpose[3] Nevertheless anonymity and pseudonym schemes areonly robust to semihonest secure model because maliciousvehicles may not discard or update their certificates asrequired by the protocols [4]

112 Mix Zones The technique of mix zones is origi-nally introduced by Beresford and Stajano [5] where thepseudonym should be exchange amongst all users within asame zone The time interval when a vehicle passes througha mix zone is called the silent period which means it mustdumb its position so as to break off the connection betweenits identities at the entry and exit points Palanisamy andLiu [6] investigated various context information in trafficenvironment thatmay reveal detailed trajectories such as geo-metrical or temporal constraints and devised the MobiMixapproach directing against such privacy infringement It isworth mentioning that the idea of 119896-anonymity presented byGruteser and Grunwald [7] is always served as a combinationof anonymity (pseudonym) and mix zone implementationFor example Caballero-Gil et al [8] exploited the spatial andtemporal cloaking to calculate the 119896-anonymity set whichmakes a vehicle indistinguishable from other 119896 minus 1 counter-parts To avoid active corruption if a number of complaints

are received pertinent to a malicious node a track algorithmcan also be carried out to prevent further detriment Aimingat Sybil attack Feng et al [9] bounded 119896-anonymity andreputation schemes together which can effectively suppressthe spread of false messages when updating the anonymity

12 Query Fuzzification Theservice of location-based query-ing can be deemed as a process of information retrievalwhichmeans only the users care about the correctness or pre-cision of the research outcomesTherefore lots of approachesare presented taking the advantage of information asymmetrybetween users and the server including the following

121 Position Dummies It is aiming to deceive the QSP byconfounding the userrsquos true position together with multiplefalse locations [10ndash13] Nevertheless since the traffic net-works are always scattered but structured it is difficult tocreate dummies indistinguishable from the true positionIn order to generate plausible dummies Shankar et al [14]proposed the SybilQuery approach which obfuscates thereal position with dummies chosen from a historical trafficdatabase

122 Obfuscation The idea behind position obfuscation isto intentionally reduce the precision of inquiry messagesTypically the protocol proposed by Ardagna et al [15] useda circular area to substitute the exact position of a userThough the obfuscation area can be allodially determinedby the querier the trade-off between privacy and precisionis of great significance Thus accordingly Reynold et al [16]introduced amodel for probabilistic range queries dependingon the overlapping size of the query area and the obfuscationshapes Another way to obfuscate the userrsquos position is thecoordinate transformation where some geometric mappingsare carried out on a series of usersrsquo coordinates before sendingto the server However in order to ensure the functionalityof the QSP it is impossible to find an all-sided protectionscheme purely based on coordinate transformation becausethe service provider has to be able to determine the relativeposition of objects and areas to each other [17] In addition topreserve the trajectory of user a great deal of spatiotemporallocation obfuscation schemes are also proposed which alsotook the temporal information associated with positions intoaccount [18ndash25]

Wireless Communications and Mobile Computing 3

Table 1 Security parameters for diffident public key cryptosystems

Mathematical problem Integer factorization Elliptic curve discrete logarithm Discrete logarithmSecurity level RSA (bits) ECC (bits) ElGamal (bits)Low security 1024 160 1024Moderate security 2048 224 2048Standard security 3072 256 3072High security 7680 384 7680Highest security 15360 512 15360

123 Position Sharing With the existence of several un-trusted servers location information can be mathematicallycalculated as a series of shares and distributed on differentdatabases This approach was first proposed by Durr et al[26] who split up the location information into shares ofstrictly limited precision After retrieving adequate sharesfrom multiple servers the user can execute a combinationalgorithm which fuses them into a message of higher preci-sion In order to prevent attackers from deriving the preciseposition via coordinate relationships of amap Skvortsov et altook map knowledge into account [27] and further improvedtheir protocol by optimizing the placement of shares in termsof serversrsquo trustworthiness [28] Though position sharingschemes can also be implemented on account of obfuscationor coordinate transformation [29] cryptography-based fash-ions are preferable due security consideration [30]

124 Cryptographic Approaches Due to the capacities suchas confidentiality integrity and authenticity cryptographicprimitives are taken as desirable building blocks to realizeposition privacy For the sake of concealing the real identityof a user ring or group signature are generally used toconfound the querier as a member of a vehicular set [3132] By using private information retrieval (PIR) techniquea QSP can answer queries without learning or revealingany information of the query [33 34] Meanwhile sincethe computational result of ciphertext matches that of theplaintext homomorphic cryptosystems are also valued aspromising tools for location privacy application [35 36]

Nevertheless the aforementioned approaches took onlythe querierrsquos position information as a target for protectionand simply lost the sight of QSPrsquos data ownership Practicallythe charging models in nowadays always lie on a per-querybasis which enable drivers to use the service in ad hocmannerand pay for their queries according to the quantity Withregard to the proprietorship ofQSPrsquos records Paulet et al [37]proposed a location-based querying approach in the light of1-out-119899 oblivious transfer (OT1119899)Their schememade use of anElGamal cryptosystem which imposed an additional privacyproperty for the sender such that the receiver could learn atmost one of the retrieved items However Jannati and Bahrak[38] caught the sight of its security defect arguing that thereceiver is able to decrypt all ciphered records thus the QSPrsquosdata ownership cannot be preserved In order to rectify thevulnerability of Pauletrsquos scheme they also reconstructed theoblivious transfer part of it at the cost of higher computationaloverhead

Table 2 Security parameters for NTRUEncrypt

Mathematical problem Shortest vector problemSecurity level 119873 119902 119901Moderate security 401 2048 3Standard security 439 2048 3High security 593 2048 3Highest security 743 2048 3

It is well known that ElGamal encryption is definedover a cyclic group 119866 whose security depends on thedifficulty of computing discrete logarithmsTherefore a largesecurity parameter must be considered in order to make surethat it is unbreakable Though other traditional public keycryptosystems may also be exploited as basic primitives torealize oblivious transfer they are deficient in efficiency dueto computational hardness assumptions depending on largeparameters For the same reason these cryptosystems tendto be vulnerable with the advent of quantum machine eraThe comparison of security parameters amongst diffidentcryptosystems is given in Table 1

During encryption phase ElGamal requires two expo-nentiation operations while one exponentiation should becorrespondingly carried out for decryption Since exponenti-ation on large numbers is always time-consuming and occu-pies a lot of memory we argue that Jannatirsquos scheme is notefficient enough especially under embedded environmentsMoreover though their scheme is proved to be secure undergame-based verification active and adaptive corruptionsare simply ignored because CCA (chosen ciphertext attack)security is unachievable by ElGamal cryptosystem itself [39]

In order to eliminate the defects of Jannatirsquos protocol wetake the advantage of NTRUEncrypt to implement privacy-preserving location-based querying As a relatively newpublic key cryptosystem developed in 1996 the numbertheory research unit encryption (NTRU) [40] runs fastercompared to other asymmetric encryption schemes andis more competitive to be realized in resource-constraintenvironments such as mobile devices or smart cards Up till2017 literatures can be found that introduce new parametersto resist currently known attacks and increase its computationpower [41 42] According to the latest research [43] theparameters in Table 2 are considered secure

As for Table 2 the parameters where 119873 defines atruncated polynomial ring 119877 = 119885[119909](119909119873 minus 1) used inNTRUEncrypt and 119902 119901 are two moduli are relatively smaller


than that of traditional public key cryptosystems Moreoverit uses only simple polynomial multiplications the time ofperforming an NTRU operation increases only quadraticallyTakingmoderate security for example if both exponentiationand polynomial multiplication are composed of log2119902-bitsmodular multiplications the former must invoke the basis1199022log2119902 times compared to 119873 log2119873 of the latter It isreported that using a modern GTX280 GPU a throughputof up to 200000 encryptions per second can be reached at asecurity level of 256 bits [44] which is only approximately20 times slower than a recent AES implementation [45]Accordingly we resort to the characteristics of high efficiencyas well as postquantum security and employ NTRUEncryptas a building block to realize oblivious transfer Then basedon the novel OT1119899 protocol an adaptive secure location-basedquerying scheme can thus be achieved

The rest of this paper is organized as follows We firstgive some preliminaries about oblivious transfer and NTRU-Encrypt in Section 2 In Section 3 a NTRU-based 1-out-119899 oblivious protocol will be devised in advance which isthen used to structure the secure location-based queryingscheme after describing the system model Security analysesand performance evaluations are given in Sections 4 and 5The paper is finally concluded in Section 6

2 Preliminaries on 1-Out-n ObliviousTransfer and NTRUEncrypt

Oblivious transfer originally introduced as conjugate codingowns its name to Rabin [46] Amongst different flavors ofOT 1-out-119899 oblivious transfer has been extensively studied inthe literature since any cryptographic task can be achieved bythis extremely basic primitive [47] In cryptography a 1-out-119899 oblivious transfer is a type of protocol in which a receiver119877 is entitled to obtain 1 out of 119899 messages held by a sender119878 without learning any other messages while the sender donot know which massage has been chosen The protocol isformally described as in Table 3

In order to optimize the performance of oblivious transferprotocol several tricks can be imposed on it For example[48] enables the computation of many OTs with a smallelementary cost from 119896OT at a normal cost and also enablesto reduce oblivious transfers of long strings to oblivioustransfers of short strings using a pseudorandom generator

In this paper an efficient and secure OT1119899 protocol willbe constructed based on NTRUEncrypt in the light of itslinearity and resistance to quantum machines The NTRUencryption algorithm works on a truncated polynomial ring119877 = 119885[119909](119909119873 minus 1) with convolution multiplication and allpolynomials in the ring have integer coefficients and degreeat most119873 minus 1

a (119909) = 1198860 + 1198861119909 + 11988621199092 + sdot sdot sdot + 119886119873minus1119909119873minus1 (1)

Similar to the prime decomposition problem exploitedby RSA the security of NTRUEncrypt relies on hardness offactoring a reducible polynomial which is equivalent to theshortest vector problem Thus it is infeasible to usurp thesecret key if the parameters are chosen secure enough

Table 3 Oblivious transfer paradigmFOT

Input(i) S input1198980 1198981 119898119899minus1 isin 119872(ii) R input 120575 isin 0 1 119899 minus 1Output(i) S output perp (ie nothing)(ii) R output119898120575

For each system three integer parameters (119873 119901 119902) arespecified where119901 and 119902 are twomoduli who truncate the ring119877 as 119877119901 = (119885119901119885)[119909](119909119873minus1) and 119877119902 = (119885119902119885)[119909](119909119873minus1)It is always assumed that119873119901 are prime while 119902 is coprime toboth 119902 and 119873 To generate a key pair two key polynomials119891 and 119892 whose coefficients lie within minus1 0 1 must begenerated in advance An additional requirement that thereexist two inverses 119891119901 119891119902 where 119891 sdot 119891119901 = 1mod119901 and 119891 sdot 119891119902 =1mod 119902 must also be satisfied Then 119891 together with 119891119901 canbe preserved as the secret key while ℎ = 119901 sdot 119891119902 sdot 119892 will bepublished to be the public key

During encrypting phase a message 119898 should be rep-resented as a binary or ternary string and transformed intoa truncated polynomial within the ring 119877 Then a bindingpolynomial 119903 with small coefficients should be randomlychosen to calculate the ciphertext as

119888 = 119903 sdot ℎ + 119898 (mod 119902) (2)

In order to decrypt the cryptograph c the receiver firstcomputes

119886 = 119891 sdot 119888 (mod 119902) (3)

and then lifts its coefficients to interval [minus1199022 1199022] andachieves the plaintext as

119898 = 119891119901 sdot 119886 (mod119901) (4)

In order to prove the correctness of our protocols apolynomial set T(1198891 1198892) specified by two parameters isdefined in advance

Definition 1 For any positive integers 1198891 and 1198892T (1198891 1198892)

=

1198891 cofficients of a (119909) are 1a (119909) isin 119877119902 1198892 cofficients of a (119909) are minus 1

other cofficients of a (119909) are 0

(5)

According to Definition 1 the correctness of NTRUdecryption can be guaranteed in terms of the conditiondescribed as below

Lemma 2 If the polynomials of NTRU cryptosystem arechosen from

119891 isin T (119889 + 1 119889) 119892 isin T (119889 119889) 119903 isin T (119889 119889)

(6)


whose coefficients satisfy

119902 gt 119901 (6119889 + 1) (7)

then a legal receiver can accurately recover ciphertext 119888with herprivate key

Proof Since all polynomials of

119886 = 119901 sdot 119892 sdot 119903 + 119891 sdot 119898 (mod 119902) (8)

are provided with coefficients designated by formula (6) theparameters of 119892 sdot 119903 after convolution polynomial multiplica-tion will never overrange [minus2119889 2119889] Similarly the parametersof 119891 as well as119898 are located within [minus1199012 1199012] which meansthat the maximal parameter of 119891 sdot 119898 is 119901(119889 + 12) to its veryextent As a result once the condition of 119902 gt 119901(6119889 + 1) ismet all parameters of (8) can be lifted to [minus1199022 1199022] withoutlosing any information Then by computing

119891119901 sdot 119886 = 119891119901 sdot 119901 sdot 119892 sdot 119903 + 119898 = 119898 (mod119901) (9)

the message can accurately be recovered

3 Location Privacy-Preserving QueryingBased on NTRU

In this paper a novel location-based querying scheme isproposed aiming at not only protecting the position privacyof drivers but also preserving the data proprietary of QSPSpecifically three goals must be achieved in terms of securityand feasibility

(a) Within authenticated but not confidential communi-cation environments any malicious third party is incapableof gaining or efficaciously modifying any information of theconversation

(b) Even if active and adaptive corrupted participantexists the driver must be insensible of any data hold by QSPexcept the one she requested while keeping her queryinginformation concealed

(c) The protocol should be feasible on both vehicle-mounted devices as well as location-based servers whichmeans that low computation and communication burdenmust be fulfilled

For clarity a novel 1-out-119899 oblivious transfer protocol willbe presented in the first place Then we will employ it as thebuilding block to complete our entire scheme

31 NTRU Implementation of 1-Out-119899 Oblivious TransferDifferent from traditional public key cryptosystems NTRUis structured on a truncated polynomial ring which isprovided with both addition and multiplication Since thetime of performing convolutionmultiplication is much fasterthan that of modular exponentiation on large numbers thepreferable efficiency and security property of NTRU aremoreappropriate to construct the basic oblivious transfer protocol

In order to realize the NTRU-based 1-out-119899 oblivioustransfer the messages held by the sender are presented as1198980 1198981 119898119899minus1 which must be kept unacquainted from the

receiver except for119898120575 Accordingly we describe the primitive1-out-119899 oblivious transfer protocol as below

During key generation phase the sender constructs a keypair as in Section 2 she releases her public key 119901119896 = ℎ to allpotential receivers or stores it in a communal database whilekeeping the secret key 119904119896 = (119891 119891119901) private

In oblivious transfer phase the sender is supposed tochoose 119899 random polynomials 1205740 1205741 120574119899minus1 from T(119889 119889)where 119903119894 sdot ℎ can be represented as 119901 sdot 119891119902 sdot 120574119894 and encrypt allplaintexts to be

119888119894 = 119903119894 sdot ℎ + 119898119894 (mod 119902) (119894 = 0 1 119899 minus 1) (10)

which is then sent to the receiverWhen all ciphertexts are received the receiver first gener-

ates a random polynomial 119904 belonging toT(119889 119889) and figuresout its inverse 119904minus1(mod119901) If the inverse of polynomial 119904 doesnot exist she can simply resample another one and repeat theinversion process

After that the receiver must single out the 120575th ciphertextand compute it as

1198881015840120575 = 1199031015840 sdot ℎ + 119904 sdot 119888120575 (mod 119902) (11)

utilizing another randompolynomial 1199031015840 chosen fromT(119889 119889)The result will be sent back to the sender

Depending on the altered ciphertext 1198881015840120575 the sender cancalculate

119886120575 = 119891 sdot 1198881015840120575 (mod 119902) 119887120575 = 119886120575 (mod119901)

(12)

and then

11988810158401015840120575 = 119891119901 sdot 119887120575 (mod119901) (13)

to be her response for the driverSince the driver is aware of polynomial 119904 she can achieve

the expected messages119898120575 by multiply 11988810158401015840120575 with 119904minus1modulo 119901The above process is also characterized in Table 4Correctness of the 1-out-119899 oblivious transfer protocol

relies on the computation of polynomials in truncated poly-nomial ring as follows

Lemma 3 The driver can correctly obtain message 119898120575 if 119902 gt2119901(21198892 + 5119889)Proof Since the parameters of 119892 sdot 119903 or 120574120575 sdot 119904 are seated within[minus2119889 2119889] and the coefficients of 119891 sdot 119904 sdot 119898120575 cannot exceed119901(21198892 + 119889) for polynomial 119886120575 = 119901 sdot 119892 sdot 1199031015840 + 119901 sdot 120574120575 sdot 119904 +119891 sdot 119904 sdot 119898120575(mod 119902) No information will be lost when liftingthe coefficients of 119886120575 to [minus1199022 1199022] if 119902 gt 2119901(21198892 + 5119889) thesame as Lemma 2 By computing119898120575 = 11988810158401015840120575 sdot119904minus1(mod119901) where11988810158401015840120575 = 119904 sdot 119898120575(mod119901) the driver can achieve the exact message119898120575 she expected

32 Efficient and Secure Location-Based Querying The sys-tem ismodelled as aQSP and a series of vehiclesMore specif-ically the QSP can be considered working in a distributed


Table 4 OT1119899 protocol based on NTRUEncrypt

Server DriverHolds nmessages119898119894 isin 0 1119873 Holds 120575 120575 isin 0 1 119899 minus 1119894 = 0 1 119899 minus 1Key generation phase(119902 119901 119891 119891119902 119891119901 119892) larr 119870119890119910119866119890119899(120581)119904119896 (119891 119891119901)119901119896 ℎSends 119901119896 to the driverOblivious transfer phaseFor all 119894 = 0 1 119899 minus 1120574119894larr119877T(119889 119889)119888119894 = 119901 sdot 119891119902 sdot 120574119894 + 119898119894(mod 119902)Sends all 119888119894 to the driver

1199031015840larr119877T(119889 119889)119904larr119877T(119889 119889) where 119904 is reversible modulo 119901

1198881015840120575 = 1199031015840 sdot ℎ + 119904 sdot 119888120575(mod 119902)Sends 1198881015840120575 back to the server

119886120575 = 119891 sdot 1198881015840120575(mod 119902)119887120575 = 119886120575(mod119901)11988810158401015840120575 = 119891119901 sdot 119887120575(mod119901)Sends 11988810158401015840120575 to the driver

119898120575 = 11988810158401015840120575 sdot 119904minus1(mod119901)

manner which is composed of a centralized authenticationserver together with numerous delivery RSUs The reasonbehind such configuration is to separate data retrieval fromtransaction process which not only preserves the driverrsquosposition privacy but also abates the operating load of servicecentre Resorting to the OBUs equipped on vehicles driversare able to determine their current position via localizationdevices such as GPS or WiFi

In initialization phase the QSP first generates its key pairand divides the geography to be a public grid 119866 composed of119881 rows and 119882 columns For each cell V times 119908 of the grid sheassembles all related data as a message 119889119894 where 119894 = 119908+V sdot1198820 le V le 119881 minus 1 and 0 le 119908 le 119882 minus 1 and encrypts it as1198891015840119894 = 119864119898119894=119896Voplus119896119908(119889119894) by symmetric cryptosystem 119864 accordingto the keys 119896V 119896119908 designated to each row and column Thenthe QSP stores its key pair together with all 119896V 119896119908 as well as1198891015840119894 in distributed RSUs

In retrieving phase the driver should complete both thepayment and oblivious transfer process as follows

In order to actualize the requirement of pay-per-retrievalfor location-based service the driver should ask for a randomnumber 119903 from its adjacent RSU and sign it using her privatekey corresponding to the valid digital certificate After verify-ing the digital signature sent by the driver the authenticationserver should launch a preconcerted 119864-commerce protocolto accomplish the transaction resign the random number 119903in terms of her own private key and then send it back tothe driver Availing herself of the signed random number thedriver can thus prove to the RSU that she has paid for theservice

After that the driver is in a position to interact with theadjacent RSU and acquire 119896V120575 as well as 119896119908120575 corresponding toher interested coordinates in the light of the aforementioned1-out-119899 oblivious transfer protocol Then she retrieves allencrypted messages and decrypts 119889120575 = 119863119898120575=119896V120575oplus119896119908120575 (119889

1015840120575) to

recover the data she expectedIt is worth noting that the driver may retrieve all

encrypted messages only once and store some of them forfurther queries In addition even if the driverrsquos identityis exposed during the authenticating process it will notjeopardize the confidentiality of her queried position due tothe intrinsic nature of oblivious transfer

The process is illustrated in Table 5In fact the aforementioned protocol can be regarded

as being based on 2-out-119899 oblivious transfer since twosymmetric keys 119896V120575 119896119908120575 should be retrieved However allencrypted data need only to be transmitted once duringretrieval phase which means the extra computation andcommunication overheads are trivial Moreover the publickey pair of driver is only used for authentication and paymentbut not necessarily for oblivious transfer

4 Security Analysis

We investigate the serverrsquos data proprietorship and the driverrsquosposition privacy in oblivious transfer at first It should benoted that the messages obliviously transferred are symmet-ric keys 119896V120575 119896119908120575 instead of 119898120575 actually however we willalternatively apply these notations for smooth representation


Table 5 The proposed privacy-preserving location-based querying scheme

Central ServerRSUsHolds 119881 times119882messages 119889119894

119894 = 119908 + V sdot 119882 isin 0 1 119881 times119882 minus 1Initialization phase(119904119896 119901119896) larr 119870119890119910119866119890119899(120581)119866 larr 119866119890119900119892119903119886119901ℎ119910 G is a 119881 times119882 gridFor all V isin 0 1 119881 minus 1 and 119908 isin 0 1 119882 minus 1119896V 119896119908 larr1198770 1120581119898119894 = 119896119908 oplus 119896V 119894 = 119908 + V sdot 1198821198891015840119894 = 119864119898119894 (119889119894)Put 119904119896 119901119896 and all 119896V 119896119908 1198891015840119894 in RSUs

Receives and stores 119904119896 119901119896 as well as all 119896V 119896119908 1198891015840119894 locallyLocal RSU Driver

Holds 119904119896 119901119896 and all 119896V 119896119908 1198891015840119894 as above Holds (V120575 119908120575) V120575 isin 0 1 119881 minus 1119908120575 isin 0 1 119882 minus 1

Authentication and transaction phaseRequests for service

119903larr1198770 1120581 and sends it to the driverSign119904119896driver (119903)

Completes the authentication as well as payment process with the central serverReceives Sign119904119896(119903) from the central server and sends it to the RSU

Verifies Sign119904119896(119903)Retrieving phase

Retrieves all 1198891015840119894 from local RSUExecutes the NTRU-based OT protocol with the driver Executes the NTRU-based OT protocol with the RSU and gets 119896V120575 and 119896119908120575

120575 = 119908120575 + V120575 sdot 119882119898120575 = 119896V120575 oplus 119896119908120575 119889120575 = 119863119898120575 (1198891015840120575)

As for the driverrsquos position privacy we claim the follow-ing

Lemma4 TheQSP gains no information on the driverrsquos choice120575 in the proposed OT protocol

Proof Using the private key 119904119896 the QSP can compute 11988810158401015840120575 =119904 sdot 119898120575(mod119901) However she is ignorant of the driverrsquos secretpolynomial 119904 and thereby cannot differentiate the choice 120575from any other by comparing it with possessed messagesthough the QSP may fortunately figure out 1199031015840 + 119903120575 sdot 119904(mod 119902)if 119892 is reversible whichmeans she can further achieve (1199031015840+119903120575 sdot119904)sdot(119904sdot119898120575)minus1 = 1199031015840 sdot119904minus1 sdot119898minus1120575 +119903120575 sdot119898minus1120575 Nevertheless since 1199031015840 and 119904are uniformly distributed119898120575 is totally indistinguishable

The serverrsquos data proprietorship can be found as follows

Lemma 5 The driver gains no information on119898119894 if 119894 = 120575Proof The driver is aware of 119888119894 = 119903119894 sdot ℎ119878 + 119898119894(mod 119902) for allmessages Since she does not possess the serverrsquos private keythe mistiness of119898119894 from 119888119894 is straight-forward

With regard to the processes of authentication and trans-action the driver would interact with a central server directly

to achieve a voucher signed by the QSPrsquos private key Thatmeans the RSU is incapable of linking the driverrsquos currentposition up to her identity Moreover since the voucher isgenerated according to a provisional random number chosenby the RSU the chance that a driver replay her voucher tocheat the QSP out of her service is negligible Thanks tothe intrinsic characteristic of OT even if the identity of thedriver is exposed in case that the RSU colludes with the cen-tral server the confidentially of required coordinate wouldnever be compromised Supposing that the driverrsquos identityprivacy is obligatory in certain circumstances anonymousauthentication schemes such as that of [49] are furthersuggested

Now we argue UC security of the complete schemeIn order to testify that a real-world implementation of ourscheme is indistinguishable from its simulation the idealfunctionality is firstly defined as follows

Definition 6 The ideal functionality FminusOT receives a coordi-nate (V120575 119908120575) isin 0 1 119881minus1times0 1 119882minus1 together withan identity from the driver and a vector of 119897-bitsmessages thatis (1198890 1198891 119889119881times119882minus1) from the server 119878 but only outputs a119897-bits string 119889120575 to the driver119863


Table 6 Comparison of computation and communication overheads

QSP DriverJannati and Bahrak Ours Jannati and Bahrak Ours

Modular exponentiation 3(119881 +119882 + 1) 0 9 0Modular (polynomial) multiplication 2(119881 +119882) + 1 119881 +119882 + 4 7 6Generating random numbers (polynomials) 119881 +119882 + 2 119881 +119882 2 4Secret keys 2 1 2 0Public keys 2 1 0 0Communication burden (polynomials) 119881 +119882 + 1 119881 +119882 + 2 2 2

In line with Definition 6 two simulators S1 S2 canbe established to emulate the corrupted QSP and driverrespectively Since

Pr [FminusOT = 120575] = 1(119881 times119882) (14)

it is obvious that1003816100381610038161003816Pr [FOT = 120575] minus Pr [FminusOT = 120575]1003816100381610038161003816 lt 120576 (120581) (15)

according to Lemma 4 So the indistinguishability

S1 (120581 IDdriver (1198890 1198891 119889119881times119882minus1) )

cong VIEWQSP (IDdriver (1198890 1198891 119889119881times119882minus1)

(V120575 119908120575) )

(16)

is straight-forwardSimilarly once the symmetric cryptosystem (119864119863) is

noncommitting the distributions of 1198891015840119894 =120575 in FOT and FminusOTare both uniform and indiscernible which means

Pr [FOT = 1198891015840119894 =120575] = Pr [FminusOT = 1198891015840119894 =120575] = 1(|119872| minus 1) (17)

where |119872| stands for the size of plaintext space andS2 (120581 (V120575 119908120575) (11988910158400 11988910158401 1198891015840119881times119882minus1))

cong VIEWdriver ((V120575 119908120575) (11988910158400 11988910158401 1198891015840119881times119882minus1)) (18)

due to the ignorance of 119896V119894 =120575 and 119896119908119894 =120575 on driverrsquos side in termsof Lemma 5

Thus we claim the folowing

Theorem 7 Our protocol securely implements the functional-ityFminus119874119879 if the symmetric encryption scheme (119864119863) is noncom-mitting

5 Performance Evaluation

Since only simple polynomial multiplications are needed forNTRU cryptosystem it features high speed low memoryrequirements and reasonably short and easily created keys

The moduli used in NTRUEncrypt specially are logarith-mically smaller than that of traditional asymmetric cryp-tosystems based on integer factorization or discrete loga-rithm which implies preferable efficiency and practicabilityAccording to the report from [50] the speed ofNTRU is up to1300 times faster than 2048-bit RSA and 117 times faster thanECC NIST-224 when comparing the number of encryptionsper second Our experimental results also signified that theratio of encryption times between 2048-bit ElGamal andNTRU in moderate security is 355 1

In order to impartially compare with Jannatirsquos protocolonly retrieval process will be considered in the following per-formance analysis Though authentication and transactionare introduced in our scheme for pay-per-service purposethe extra overheads are ineluctable but negligible comparedto that of oblivious transfer Table 6 illustrates the comparisonof computation as well as communication overheads betweenour and Jannatirsquos scheme However since the basic operationsused in NTRU are absolutely different from that of ElGamalit should be noted that modular multiplications and modularpolynomial multiplications are correspondingly applied toone of them

Compared to Jannatirsquos protocol in Table 6 it is obviousthat no exponentiations would be necessary in our schemeand the overhead of modular multiplication is also halvedeven without regard for the scale of moduli It is worthmentioning that though the number of transmittedmessagesare almost the same between Jannatirsquos scheme and ourswe have evidently depressed the communication burdenbecause a ElGamal encryption works on a large cyclic groupand produces a double expansion in size from plaintext tociphertext Meanwhile our scheme is more applicable sincethe receiver is free of generating or distributing any publickey during oblivious transfer process

We also simulated our and Jannatirsquos protocol by Cprogram The experiment is carried out on an Intel Corei3-2330M processor (Sandy Bridge) where each party runson one core The computation burden and communicationoverhead for each retrieval are averaged by 500 tests

According to Table 7 it is obvious that our scheme dra-matically outperforms Jannatirsquos protocol with respect to bothcomputation and communication overheads Specificallytaking the resource limits of OBU into account the opera-tional efficiency is 479 times that of Jannatirsquos protocol whichmeans our scheme is more applicative in embedded andreal-time environments We simply neglected the delivery


Table 7 Timings in milliseconds and delivery loads in kilobytes for per retrieval (moderate security)


Running time 99323 326 4785 010Data size (119881 +119882 = 64) 3412 810 108 023

load of queried data in our experiment however retrievingall 1198891015840119894 indistinguishably from the server is inevitable due tothe query privacy for any oblivious transfer Fortunately thedriver can only retrieve the ciphered messages ones and keepall expected portions in the local storage or she may ignoreany other messages except for 1198891015840120575 when receiving the QSPrsquosbroadcast

6 Conclusion

This paper proposed a privacy-preserving location-basedquerying scheme in virtue of NTRUEncrypt Thanks to theintrinsic nature of NTRU cryptosystem such as postquantumsecurity high speed low storage requirements and shortkeys our scheme is resistant to active adaptive corruptionsand more practicable within vehicular ad hoc networkSpecifically the computational overheads are only 033 and021 percent while the communication burdens are 24 and21 percent compared to those of a recent scheme presentedby Jannati and Bahrak Besides the theoretical and experi-mental performance analyses we also depicted the detailedprocess of authentication and transaction for pay-per-servicepurpose In the light of universal composability frame it isbelievable that our scheme is secure with the functionalityof oblivious transfer realized For further work we expect toreduce the interactive round of retrieving phase from 3 to 2and decrease the RSUrsquos overheads to a higher degree

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

The work was supported by National Natural ScienceFoundation under Grants 61703063 61663008 61573076and 61004118 the Scientific Research Foundation forthe Returned Overseas Chinese Scholars under Grant2015-49 the Program for Excellent Talents of ChongqingHigher School under Grant 2014-18 the PetrochemicalEquipment Fault Diagnosis Key Laboratory in GuangdongProvince Foundation under Grant GDUPKLAB201501 theResearch Project for the Education of Graduate Students ofChongqing under Grant yjg152011 Chongqing Associationof Higher Education 2015-2016 Research Project underGrant CQGJ15010C Higher Education Reform Project ofChongqing Municipal Education Commission under Grant163069 the Key Research Topics of the 13th Five-year planof Chongqing Education Science under Grant 2016-GX-040the Chongqing Natural Science Foundation under Grants

CSTC2015jcyjA0540 and CSTC2017jcyjA1665 and Scienceand Technology Research Project of Chongqing MunicipalEducation Commission of China under Grants KJ1600518KJ1705139 and KJ1705121

References

[1] F-Y Wang D Zeng and L Yang ldquoSmart cars on smart roadsAn IEEE intelligent transportation systems society updaterdquoIEEE Pervasive Computing vol 5 no 4 pp 68-69 2006

[2] H Hasrouny A E Samhat C Bassil and A Laouiti ldquoVANetsecurity challenges and solutions A surveyrdquoVehicular Commu-nications vol 7 pp 7ndash20 2017

[3] J Wang Y Zhang Y Wang and X Gu ldquoRPRep A Robustand Privacy-Preserving Reputation Management Scheme forPseudonym-Enabled VANETsrdquo International Journal of Dis-tributed Sensor Networks vol 12 no 3-4 Article ID 6138251 pp1ndash15 2016

[4] BWiedersheimZMa FKargl andP Papadimitratos ldquoPrivacyin inter-vehicular networks why simple pseudonym change isnot enoughrdquo in Proceedings of the IEEEIFIP International Con-ference on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 176ndash183 February 2010

[5] A R Beresford and F Stajano ldquoMix zones user privacy inlocation-aware servicesrdquo in Proceedings of the 2nd IEEE AnnualConference on Pervasive Computing andCommunicationsWork-shops pp 127ndash131 Orlando Fla USA March 2004

[6] B Palanisamy and L Liu ldquoMobiMix protecting location pri-vacy with mix-zones over road networksrdquo in Proceedings of theIEEE 27th International Conference on Data Engineering pp494ndash505 Hannover Germany April 2011

[7] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003

[8] C Caballero-Gil J Molina-Gil J Hernandez-Serrano O Leonand M Soriano-Ibanez ldquoProviding k-anonymity and revoca-tion in ubiquitous VANETsrdquoAdHoc Networks vol 36 pp 482ndash494 2016

[9] X Feng C-Y Li D-X Chen and J Tang ldquoA method fordefensing against multi-source Sybil attacks in VANETrdquo Peer-to-Peer Networking and Applications vol 10 no 2 pp 306ndash3142017

[10] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press July 2005

[11] L Qi X Zhang W Dou and Q Ni ldquoA distributed locality-sensitive hashing-based approach for cloud service recommen-dation from multi-source datardquo IEEE Journal on Selected Areasin Communications vol 35 no 11 pp 2616ndash2624 2017


[12] L Qi X Xu X Zhang et al ldquoStructural Balance Theory-based E-commerce recommendation over big rating datardquo IEEETransactions on Big Data p 1 2016

[13] L Qi W Dou C Hu Y Zhou and J Yu ldquoA context-aware ser-vice evaluation approach over big data for cloud applicationsrdquoIEEE Transactions on Cloud Computing p 1 2015

[14] P Shankar V Ganapathy and L Iftode ldquoPrivately queryinglocation-based services with sybilqueryrdquo in Proceedings of the11th ACM International Conference on Ubiquitous ComputingUbiComprsquo09 pp 31ndash40 Orlando Fla USA October 2009

[15] C A Ardagna M Cremonini E Damiani S de Capitanidi Vimercati and P Samarati ldquoLocation privacy protectionthrough obfuscation-based techniquesrdquo in Data and Applica-tions Security XXI vol 4602 of Lecture Notes in ComputerScience pp 47ndash60 Springer Berlin Germany 2007

[16] C Reynold Y Zhang E Bertino and S Prabhakar ldquoPreservinguser location privacy in mobile data management infrastruc-turesrdquo in Privacy Enhancing Technologies G Danezis and PGolle Eds vol 4258 of Lecture Notes in Computer Science pp393ndash412 Springer Berlin Germany 2006

[17] A Gutscher ldquoCoordinate transformation - A solution for theprivacy problem of location based servicesrdquo in Proceedings ofthe 20th IEEE International Parallel and Distributed ProcessingSymposium IPDPS 2006 p 7 IEEE Rhodes Island GreeceApril 2006

[18] J Yang Z Zhu J Seiter and G Troster ldquoInformative yetunrevealing Semantic obfuscation for location based servicesrdquoin Proceedings of the 2nd ACM SIGSPATIAL Workshop onPrivacy in Geographic Information Collection and AnalysisGeoPrivacy New York NY USA 2015

[19] F Li S Wan B Niu H Li and Y He ldquoTime obfuscation-based privacy-preserving scheme for Location-Based Servicesrdquoin Proceedings of the 2016 IEEE Wireless Communications andNetworkingConferenceWorkshopsWCNCW2016 pp 465ndash470IEEE Doha Qatar April 2016

[20] J D Park E Seglem E Lin and A Zufle ldquoProtecting User Pri-vacyrdquo in Proceedings of the the 1st ACM SIGSPATIALWorkshoppp 1ndash4 Redondo Beach CA USA November 2017

[21] L Qi H Xiang W Dou C Yang Y Qin and X ZhangldquoPrivacy-preserving distributed service recommendation basedon locality-sensitive hashingrdquo in Proceedings of the 2017 IEEEInternational Conference on Web Services (ICWS) pp 49ndash56Honolulu Hawaii USA June 2017

[22] X Zhang L Qi W Dou et al ldquoMRMondrian Scalable Multi-dimensionalAnonymisation for BigData Privacy PreservationrdquoIEEE Transactions on Big Data p 1 2017

[23] S Wan Y Zhang and J Chen ldquoOn the Construction of DataAggregation Tree with Maximizing Lifetime in Large-ScaleWireless Sensor Networksrdquo IEEE Sensors Journal vol 16 no 20pp 7433ndash7440 2016

[24] W Huang S-K Oh and W Pedrycz ldquoFuzzy Wavelet Polyno-mial Neural Networks Analysis andDesignrdquo IEEE Transactionson Fuzzy Systems vol 25 no 5 pp 1329ndash1341 2017

[25] S Wan ldquoEnergy-efficient adaptive routing and context-awarelifetime maximization in wireless sensor networksrdquo Interna-tional Journal of Distributed Sensor Networks vol 10 no 11Article ID 321964 2014

[26] F Durr P Skvortsov and K Rothermel ldquoPosition sharingfor location privacy in non-trusted systemsrdquo in Proceedings ofthe 9th IEEE International Conference on Pervasive Computingand Communications PerCom 2011 pp 189ndash196 IEEE SeattleWash USA March 2011

[27] P Skvortsov F Durr and K Rothermel ldquoMap-aware positionsharing for location privacy in non-trusted systemsrdquo LectureNotes in Computer Science (including subseries Lecture Notesin Artificial Intelligence and Lecture Notes in Bioinformatics)Preface vol 7319 pp 388ndash405 2012

[28] P Skvortsov B Schembera F Durr et al Optimized SecurePosition Sharing with Non-trusted Servers 2017

[29] J Venkatanathan J Lin and M Benisch Who when whereObfuscation preferences in location-sharing applications 2011

[30] R Yang Q Xu M H Au Z Yu H Wang and L ZhouldquoPosition based cryptography with location privacy A step forFog Computingrdquo Future Generation Computer Systems vol 78pp 799ndash806 2018

[31] S Zeng YHuang andX Liu ldquoPrivacy-preserving communica-tion for VANETswith conditionally anonymous ring signaturerdquoInternational Journal of Network Security vol 17 no 2 pp 135ndash141 2015

[32] Z Zhao J Chen and Y Zhang ldquoEfficient revocable groupsignature scheme with batch verification in VANETrdquo Journal ofCryptologic Research vol 3 no 3 pp 292ndash306 2016

[33] G Ghinita P Kalnis A Khoshgozaran C Shahabi and K-LTan ldquoPrivate queries in location based services anonymizersare not necessaryrdquo in Proceedings of the ACM SIGMOD Interna-tional Conference on Management of Data (SIGMOD rsquo08) pp121ndash132 ACM 2008

[34] S Bittl ldquoPrivacy conserving low volume information retrievalfrom backbone services in VANETsrdquo Vehicular Communica-tions vol 9 pp 1ndash7 2017

[35] M Hur and Y Lee ldquoPrivacy Preserving Top-k Location-BasedService with Fully Homomorphic Encryptionrdquo Journal of theKorea Society For Simulation vol 24 no 4 pp 153ndash161 2015

[36] P Hu and S Zhu ldquoPOSTER Location privacy using homomor-phic encryptionrdquo Lecture Notes of the Institute for Computer Sci-ences Social-Informatics and Telecommunications EngineeringLNICST vol 198 pp 758ndash761 2017

[37] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014

[38] H Jannati and B Bahrak ldquoAn oblivious transfer protocol basedon elgamal encryption for preserving location privacyrdquoWirelessPersonal Communications vol 97 no 2 pp 1ndash11 2017

[39] S Tan H Mingxing E and S Zeng ldquoCCA secure extendedElGamal encryption scheme over CF (psimn)rdquo Journal of XihuaUniversity vol 36 no 1 pp 12ndash16 2017

[40] J Hoffstein J Pipher and J H Silverman ldquoNTRU a ring-basedpublic key cryptosystemrdquo in Algorithmic Number Theory vol1423 pp 267ndash288 Springer Berlin Germany 1998

[41] H B A Wahab and T A Jaber ldquoImprove NTRU algorithmbased on Chebyshev polynomialrdquo in Proceedings of the 2015World Congress on Information Technology and Computer Appli-cations (WCITCA) pp 1ndash5 IEEE Hammamet Tunisia June2015

[42] D H Duong M Yasuda and T Takagi ldquoChoosing Parametersfor the Subfield Lattice Attack Against Overstretched NTRUrdquoLecture Notes in Computer Science (including subseries LectureNotes in Artificial Intelligence and Lecture Notes in Bioinformat-ics) Preface vol 10599 pp 79ndash91 2017

[43] J Hoffstein J Pipher J M Schanck J H Silverman WWhyteand Z Zhang ldquoChoosing parameters for NTRUEncryptrdquo Lec-tureNotes in Computer Science (including subseries LectureNotes


in Artificial Intelligence and Lecture Notes in Bioinformatics)Preface vol 10159 pp 3ndash18 2017

[44] httpstbuktugithubiontru[45] J Hermans F Vercauteren and B Preneel ldquoSpeed records for

NTRUrdquo in Cryptographersrsquo Track at the RSA Conference vol5985 pp 73ndash88 Springer Berlin Germany 2010

[46] M O Rabin ldquoHow To Exchange Secrets with Oblivious Trans-ferrdquo Cryptology ePrint Archive 2005

[47] J Kilian ldquoFounding cryptography on oblivious transferrdquo inProceedings of the 20th Annual ACM Symposium on Theory ofComputing STOC 1988 pp 20ndash31 Chicago Ill USA May 1988

[48] Y Ishai J Kilian K Nissim and E Petrank ldquoExtending obliv-ious transfers efficientlyrdquo in Advances in Cryptology CRYPTOvol 2729 pp 145ndash161 Springer Berlin Germany 2003

[49] R Chen and D Peng ldquoA novel NTRU-based handover authen-tication scheme for wireless networksrdquo IEEE CommunicationsLetters vol 22 no 3 pp 586ndash589 2017

[50] J Hermans F Vercauteren and B Preneel ldquoSpeed recordsfor NTRUrdquo in Topics in Cryptology CT-RSA vol 5985 ofLecture Notes in Computer Science pp 73ndash88 Springer BerlinGermany 2010

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


Internet

GPS

Base Station

RSU

OBU

OBU

QSP

CA

Transaction Gateway

Figure 1 VANET extension

11 Correlation Concealment Due to the interactive nature oflocation-based querying one can easily associate the identityof a user with a specific location which may severely violatethe privacy of personal health condition social relationshipshabits and so on Accordingly once the connectivity ofinquired location and user ID are obscured the sensitiveinformation may be preserved to some extent This kind ofprivacy-protection method includes the following

111 Anonymity and Pseudonym The goal of cryptonymmethods is to prevent an adversary from reidentifying thedata source by exploiting any exposed information It gener-ally relies on the fact that most location-based services arenot strictly dependent on the knowledge of userrsquos identityThereby themost challenging issues turn into pseudonymousauthentication integrity and nonrepudiation Specificallya large number of certificates are usually preloaded foreach vehicle which will be abandoned after usage in ashort period of time Coupled with reputation mechanismsthose certificates can thus be used to appraise credibilityof anonymous sources or to fulfil the backtracking purpose[3] Nevertheless anonymity and pseudonym schemes areonly robust to semihonest secure model because maliciousvehicles may not discard or update their certificates asrequired by the protocols [4]

112 Mix Zones The technique of mix zones is origi-nally introduced by Beresford and Stajano [5] where thepseudonym should be exchange amongst all users within asame zone The time interval when a vehicle passes througha mix zone is called the silent period which means it mustdumb its position so as to break off the connection betweenits identities at the entry and exit points Palanisamy andLiu [6] investigated various context information in trafficenvironment thatmay reveal detailed trajectories such as geo-metrical or temporal constraints and devised the MobiMixapproach directing against such privacy infringement It isworth mentioning that the idea of 119896-anonymity presented byGruteser and Grunwald [7] is always served as a combinationof anonymity (pseudonym) and mix zone implementationFor example Caballero-Gil et al [8] exploited the spatial andtemporal cloaking to calculate the 119896-anonymity set whichmakes a vehicle indistinguishable from other 119896 minus 1 counter-parts To avoid active corruption if a number of complaints

are received pertinent to a malicious node a track algorithmcan also be carried out to prevent further detriment Aimingat Sybil attack Feng et al [9] bounded 119896-anonymity andreputation schemes together which can effectively suppressthe spread of false messages when updating the anonymity

12 Query Fuzzification Theservice of location-based query-ing can be deemed as a process of information retrievalwhichmeans only the users care about the correctness or pre-cision of the research outcomesTherefore lots of approachesare presented taking the advantage of information asymmetrybetween users and the server including the following

121 Position Dummies It is aiming to deceive the QSP byconfounding the userrsquos true position together with multiplefalse locations [10ndash13] Nevertheless since the traffic net-works are always scattered but structured it is difficult tocreate dummies indistinguishable from the true positionIn order to generate plausible dummies Shankar et al [14]proposed the SybilQuery approach which obfuscates thereal position with dummies chosen from a historical trafficdatabase

122 Obfuscation The idea behind position obfuscation isto intentionally reduce the precision of inquiry messagesTypically the protocol proposed by Ardagna et al [15] useda circular area to substitute the exact position of a userThough the obfuscation area can be allodially determinedby the querier the trade-off between privacy and precisionis of great significance Thus accordingly Reynold et al [16]introduced amodel for probabilistic range queries dependingon the overlapping size of the query area and the obfuscationshapes Another way to obfuscate the userrsquos position is thecoordinate transformation where some geometric mappingsare carried out on a series of usersrsquo coordinates before sendingto the server However in order to ensure the functionalityof the QSP it is impossible to find an all-sided protectionscheme purely based on coordinate transformation becausethe service provider has to be able to determine the relativeposition of objects and areas to each other [17] In addition topreserve the trajectory of user a great deal of spatiotemporallocation obfuscation schemes are also proposed which alsotook the temporal information associated with positions intoaccount [18ndash25]


























119888 = 119903 sdot ℎ + 119898 (mod 119902) (2)


119886 = 119891 sdot 119888 (mod 119902) (3)


119898 = 119891119901 sdot 119886 (mod119901) (4)



=



(5)




(6)



119902 gt 119901 (6119889 + 1) (7)


















119888119894 = 119903119894 sdot ℎ + 119898119894 (mod 119902) (119894 = 0 1 119899 minus 1) (10)




1198881015840120575 = 1199031015840 sdot ℎ + 119904 sdot 119888120575 (mod 119902) (11)



119886120575 = 119891 sdot 1198881015840120575 (mod 119902) 119887120575 = 119886120575 (mod119901)

(12)

and then

11988810158401015840120575 = 119891119901 sdot 119887120575 (mod119901) (13)












119898120575 = 11988810158401015840120575 sdot 119904minus1(mod119901)






1015840120575) to





4 Security Analysis













120575 = 119908120575 + V120575 sdot 119882119898120575 = 119896V120575 oplus 119896119908120575 119889120575 = 119863119898120575 (1198891015840120575)




















(V120575 119908120575) )

(16)





















6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



























119888 = 119903 sdot ℎ + 119898 (mod 119902) (2)


119886 = 119891 sdot 119888 (mod 119902) (3)


119898 = 119891119901 sdot 119886 (mod119901) (4)



=



(5)




(6)



119902 gt 119901 (6119889 + 1) (7)


















119888119894 = 119903119894 sdot ℎ + 119898119894 (mod 119902) (119894 = 0 1 119899 minus 1) (10)




1198881015840120575 = 1199031015840 sdot ℎ + 119904 sdot 119888120575 (mod 119902) (11)



119886120575 = 119891 sdot 1198881015840120575 (mod 119902) 119887120575 = 119886120575 (mod119901)

(12)

and then

11988810158401015840120575 = 119891119901 sdot 119887120575 (mod119901) (13)












119898120575 = 11988810158401015840120575 sdot 119904minus1(mod119901)






1015840120575) to





4 Security Analysis













120575 = 119908120575 + V120575 sdot 119882119898120575 = 119896V120575 oplus 119896119908120575 119889120575 = 119863119898120575 (1198891015840120575)




















(V120575 119908120575) )

(16)





















6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




119902 gt 119901 (6119889 + 1) (7)


















119888119894 = 119903119894 sdot ℎ + 119898119894 (mod 119902) (119894 = 0 1 119899 minus 1) (10)




1198881015840120575 = 1199031015840 sdot ℎ + 119904 sdot 119888120575 (mod 119902) (11)



119886120575 = 119891 sdot 1198881015840120575 (mod 119902) 119887120575 = 119886120575 (mod119901)

(12)

and then

11988810158401015840120575 = 119891119901 sdot 119887120575 (mod119901) (13)












119898120575 = 11988810158401015840120575 sdot 119904minus1(mod119901)






1015840120575) to





4 Security Analysis













120575 = 119908120575 + V120575 sdot 119882119898120575 = 119896V120575 oplus 119896119908120575 119889120575 = 119863119898120575 (1198891015840120575)




















(V120575 119908120575) )

(16)





















6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia








119898120575 = 11988810158401015840120575 sdot 119904minus1(mod119901)






1015840120575) to





4 Security Analysis













120575 = 119908120575 + V120575 sdot 119882119898120575 = 119896V120575 oplus 119896119908120575 119889120575 = 119863119898120575 (1198891015840120575)




















(V120575 119908120575) )

(16)





















6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia













120575 = 119908120575 + V120575 sdot 119882119898120575 = 119896V120575 oplus 119896119908120575 119889120575 = 119863119898120575 (1198891015840120575)




















(V120575 119908120575) )

(16)





















6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia












(V120575 119908120575) )

(16)





















6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia







6 Conclusion




Acknowledgments



References
























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia














































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


ntru implementation of efficient privacy-preserving...

Documents