This thesis focuses on the privacy of citizens as users of vehicular means of transport within the framework of an e-society. Specifically, the contributions of the thesis focus on the subcategories of parking private vehicles in regulated public areas and of making transfers between interconnected lines in public transport. A careful analysis of the data collected by the providers of these services about a given user can yield sensitive personal information such as: working hours, profession, hobbies, health problems, political tendencies, sexual inclinations, etc. Although laws such as the European GDPR oblige service providers to use the collected data correctly, those data can still be put to illegal use, whether after a cyber-attack or an internal leak. Therefore, designing protocols that guarantee the privacy of the citizens who form part of an e-society becomes a task of great importance.

This thesis is focused on the privacy of citizens while using vehicular transport systems within an e-society frame. Specifically, the thesis contributes to two subcategories. The first one refers to pay-by-phone systems for parking vehicles in regulated public areas. The second one is about the use of e-tickets in public transport systems allowing transfers between connecting lines. A careful analysis of data collected by service providers can provide sensitive personal information such as: work schedule, profession, hobbies, health problems, political tendencies, sexual inclinations, etc. Although laws such as the European GDPR require the correct use of the data collected by service providers, data can be used for illegal purposes after being stolen as a result of a cyber-attack or after being leaked by a dishonest internal employee. Therefore, the design of privacy-preserving solutions for mobility-based services is mandatory in the e-society.

    A privacy-preserving ticketing system

Electronic identity (eID) cards are deployed in an increasing number of countries. These cards often provide digital authentication and digital signature capabilities, but at the same time have serious privacy shortcomings. We can expect that ordering and issuing tickets for events (e.g. soccer matches) will increasingly be done using eID cards, hence severely threatening the user's privacy. This paper proposes two alternative ticketing systems that use the eID card in a bootstrap procedure but still provide a high degree of privacy to the user.

    Privacy-preserving Identity Management

With technological advances and the evolution of online services, user privacy is becoming a crucial issue in modern society. Privacy in the general sense refers to individuals' ability to protect information about themselves and selectively present it to other entities. This concept is nowadays strongly affected by everyday practices that assume personal data disclosure, such as online shopping and participation in loyalty schemes. This makes it difficult for an individual to control the outflow of her personal data and provides third parties with strong data-gathering possibilities. On the other hand, privacy-related legislation obliges service providers to limit the collection of personal data and to protect the data they collect. In rare cases, privacy protection can also be driven by the desire to build a trust relationship with customers.

To achieve the described goals of protecting users' privacy, this thesis focuses on two aspects of managing personal information. Firstly, we address the privacy-preserving design and development of information systems. The described approach adheres to the privacy-by-design principles, which assert that privacy should be embedded in a system design from the very beginning as an essential component of the core functionality, rather than being introduced as an add-on. Secondly, we develop a framework that informs users about their privacy level and about the consequences of using a particular service or interacting with a particular service provider. That way, the user is enabled to make informed decisions about the disclosure of her personal information and to remain in control of the privacy she has achieved.

The first part of the thesis describes a reusable mechanism for achieving unlinkability and anonymity in incentive systems, such as loyalty schemes or reputation systems, while giving the providers a certain level of assurance about the participating users. Namely, it allows users to prove that they are registered for a particular service, that they satisfy specific requirements posed by the provider and that they cannot share their earned benefits, all while remaining anonymous. The versatility of the scheme is demonstrated with its application in a privacy-preserving ticketing system for public transport services. The resulting system prevents the tracking of users' movements, while the provider can still impose the needed restrictions on the use of transport services. Further, this thesis presents the design of a privacy-preserving eHealth system. It is intended for commercial use, with limited trust assumptions, while protecting users' personal and sensitive data. It allows patients and the elderly to connect to a range of caregivers and care providers. Besides describing the architectural design of the system, we also develop the protocols that describe its functioning.

The latter part of this thesis focuses on ensuring that users are informed about the privacy level they have attained. It presents a logic-based framework that allows users to track which information is known, or can be learned, by which providers. This is achieved by modelling the relevant credential technologies, the service providers and the user's interactions, i.e. data disclosures. The framework also evaluates which interactions can be linked together, as these links allow the providers to extend their knowledge about the user. Consequently, the user can decide which information to disclose by assessing the privacy level that would result.
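The linkability framework described in the last paragraph can be illustrated with a small model. The code below is an added example written for this page, not the thesis' own framework or implementation: it records each disclosure a user has made (which attributes, to which provider, under which observed handle), treats interactions seen by one observer under the same handle as linkable, treats a showing of an anonymous credential (handle `None`) as unlinkable, lets providers be declared as colluding so that they pool their data, closes each profile under a constructed set of inference rules, and answers the question a user would ask before a new interaction: what would this provider already have linked to me, and what would it newly learn? All provider names, attribute names, handles and inference rules are constructed sample data.

```python
"""Toy linkability model (added illustration, not the thesis' framework)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Disclosure:
    """One interaction: the user reveals `attributes` to `provider`.

    `handle` is the identifier the provider observes for the interaction.
    The same non-None handle (an eID certificate serial, a reusable
    pseudonym) makes interactions linkable; None models a one-time showing
    of an anonymous credential, which is unlinkable to anything else."""
    provider: str
    attributes: FrozenSet[str]
    handle: Optional[str] = None


# Constructed inference rules: knowing every attribute on the left lets an
# observer derive those on the right.
INFERENCE_RULES: List[Tuple[FrozenSet[str], FrozenSet[str]]] = [
    (frozenset({"home_postcode"}), frozenset({"city"})),
    (frozenset({"birthdate"}), frozenset({"age"})),
    (frozenset({"employer", "job_title"}), frozenset({"income_bracket"})),
]


def close_under_inference(known: Iterable[str]) -> FrozenSet[str]:
    """Fixpoint of the inference rules over a set of known attributes."""
    known = set(known)
    changed = True
    while changed:
        changed = False
        for premise, conclusion in INFERENCE_RULES:
            if premise <= known and not conclusion <= known:
                known |= conclusion
                changed = True
    return frozenset(known)


def observer_of(provider: str, colluding: Sequence[FrozenSet[str]]) -> str:
    """Providers in a colluding group pool their data and act as one observer."""
    for group in colluding:
        if provider in group:
            return "+".join(sorted(group))
    return provider


def profiles(disclosures: Sequence[Disclosure],
             colluding: Sequence[FrozenSet[str]] = ()) -> Dict[str, List[FrozenSet[str]]]:
    """For each observer, the separate profiles it can build about the user.

    Interactions one observer sees under the same handle collapse into one
    profile; each unlinkable interaction stays a profile of its own."""
    linked: Dict[Tuple[str, str], set] = {}
    result: Dict[str, List[FrozenSet[str]]] = {}
    for d in disclosures:
        obs = observer_of(d.provider, colluding)
        if d.handle is None:
            result.setdefault(obs, []).append(close_under_inference(d.attributes))
        else:
            linked.setdefault((obs, d.handle), set()).update(d.attributes)
    for (obs, _handle), attrs in linked.items():
        result.setdefault(obs, []).append(close_under_inference(attrs))
    return result


def assess(disclosures: Sequence[Disclosure], candidate: Disclosure,
           colluding: Sequence[FrozenSet[str]] = ()) -> Dict[str, FrozenSet[str]]:
    """What the candidate interaction would add to the observer's knowledge.

    Returns the profile the candidate would be linked into ("already_linked")
    and the attributes the observer newly learns ("learned"), inferred ones
    included. With handle None nothing previously disclosed gets linked."""
    obs = observer_of(candidate.provider, colluding)
    before: FrozenSet[str] = frozenset()
    if candidate.handle is not None:
        for d in disclosures:
            if observer_of(d.provider, colluding) == obs and d.handle == candidate.handle:
                before |= d.attributes
        before = close_under_inference(before)
    after = close_under_inference(before | candidate.attributes)
    return {"already_linked": before, "learned": after - before}


# Constructed history: eID logins share the handle "eid:1234"; the transit
# age check was done with an anonymous credential (handle None).
HISTORY = [
    Disclosure("shop", frozenset({"name", "home_postcode"}), "eid:1234"),
    Disclosure("shop", frozenset({"birthdate"}), "eid:1234"),
    Disclosure("transit", frozenset({"age"}), None),
    Disclosure("transit", frozenset({"employer"}), "eid:1234"),
    Disclosure("insurer", frozenset({"job_title"}), "eid:1234"),
]

if __name__ == "__main__":
    collusion = [frozenset({"transit", "insurer"})]
    for obs, profs in profiles(HISTORY, collusion).items():
        print(obs, [sorted(p) for p in profs])
    print(assess(HISTORY, Disclosure("shop", frozenset({"employer", "job_title"}), "eid:1234")))
```

Running the script shows the two decisions the framework is meant to support: the age check done with an anonymous credential stays an isolated profile even when transit and insurer collude, whereas disclosing employer and job title to the shop under the eID handle would let the shop link them to name, postcode and birthdate and infer an income bracket on top.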