A Group Signature Based Electronic Toll Pricing System

Xihui Chen, Gabriele Lenzini, Sjouke Mauw, Jun Pang
2012 Seventh International Conference on Availability, Reliability and Security
With the prevalence of GNSS technologies, nowadays freely available for everyone, location-based vehicle services such as electronic toll pricing systems and pay-as-you-drive services are rapidly growing. Because these systems collect and process travel records, if not carefully designed, they can threaten users' location privacy. Finding a secure and privacy-friendly solution is a challenge for system designers. Besides location privacy, communication and computation overhead should be taken into account as well in order to make such systems widely adopted in practice. In this paper, we propose a new electronic toll pricing system based on group signatures. Our system preserves anonymity of users within groups, in addition to correctness and accountability. It also achieves a balance between privacy and overhead imposed upon user devices.

In VPriv, users select a set of random tags beforehand and send their locations attached with these tags to the toll server. The server then computes and returns all location fees. Each user adds up his location fees according to his tags and proves the summation's correctness to the server by using a zero-knowledge proof, without revealing the ownership of the tags. This process needs to run several rounds to avoid user behaviours deviating from the system. Thus the main disadvantage with VPriv is that the computation and communication overhead increases linearly with the number of rounds executed and with the number of users.

Our contributions. We propose a novel but simple ETP system which achieves a balance between privacy and overhead for users. By dividing users into groups and calculating tolls in one round, we reduce the amount of exchanged information as well as the computation overhead due to the smaller number of locations of a group. We use group signature schemes to guarantee anonymity within a group, with an authority being the group manager. Note that the concept of groups, however, requires us to design an effective group division policy to optimally preserve users' location privacy (discussed in Sect. VI). We have proved that our system is correct, which guarantees that users always pay their usage to the server, and assures accountability, which guarantees originators of misbehaviours can always be found. Moreover, our system is also proved to be able to enforce conditional unlinkability between users and their locations.
doi:10.1109/ares.2012.67 dblp:conf/IEEEares/ChenLMP12 fatcat:snr7xvr4sbgcjhwfhtarauwrvu