Lightweight and privacy-preserving access protocols for low emission zones

  • Authors: Carles Anglés Tafalla
  • Thesis supervisors: Luis Alexandre Viejo Galicia (thesis supervisor), Jordi Castellà Roca (thesis supervisor)
  • Defense: At the Universitat Rovira i Virgili (Spain) in 2020
  • Language: Spanish
  • Thesis examination committee: Josep Domingo i Ferrer (chair), Josep Lluis Ferrer Gomila (secretary), Lucas Molina (member)
  • Doctoral program: Doctoral Program in Computer Engineering and Mathematics of Security at the Universidad Rovira i Virgili
  • Subjects:
  • Links
    • Open-access thesis at: TDX
  • Abstract
    • In recent years, Low Emission Zones (LEZ), i.e. areas where restrictions and surcharges are applied to users according to their vehicles' emissions, have emerged as one of the most popular mechanisms to tackle urban traffic congestion and its subsequent impact on cities' environmental pollution. The rapid proliferation of LEZs throughout Europe, especially in Central European countries like Germany, The Netherlands, Belgium and the north of Italy, is a clear example of this increasing trend. Even other countries like Spain, which has not yet implemented them on its soil, are tailoring a draft bill which stipulates LEZs as mandatory for their bigger cities.

      A critical element of this approach is the access control system that must be deployed in order to enforce the traffic restrictions that a LEZ imposes. Currently deployed systems use two main ways of monitoring the compliance of vehicles in the LEZ, one operating in a manual way and another based on automated systems. The first implies authorities visually checking the emission category stickers placed on the vehicles' windshields, while the latter is based on cameras and automatic license plate reading. Although manual systems, being the dominant trend in Central Europe, are cheaper and much easier to deploy, this measure's effectiveness varies depending on the number of municipal employees assigned to the task of visually checking the vehicles' stickers. In that sense, manual approaches cannot compete with the efficacy of automated control systems like the ones deployed in London, Stockholm or Singapore.

      Even though LEZ automated control systems have proven to be an effective measure against those issues, they have also been criticized in the literature due to the relevant privacy threat that they represent to the drivers passing by. In particular, currently deployed systems used to enforce LEZs strongly depend on the indiscriminate use of camera networks to track the drivers' whereabouts, requiring complex and costly infrastructures that hinder their deployment in real scenarios. Moreover, these solutions also reveal a strong dependence on centralized entities to manage the vehicles' access acknowledgment, fare ascertainment and fee payment. The inherent reliance on those entities poses a single point of failure, jeopardizing the systems' security and stability.

      The aim of this thesis is to contribute with three novel privacy-preserving protocols for LEZ Access Control schemes which tackle the deployability and centralization issues found in the current literature works, while providing effective anti-fraud measures to preserve the privacy of the drivers who behave honestly.

      In our first contribution we designed a system that allows controlling the access to LEZs in an anonymous, secure and efficient way. In contrast to other schemes, our system presents a non-probabilistic fraud control system which identifies dishonest users while preserving the privacy of the ones who behave honestly. The lightweight design and the use of widespread technologies have made possible the system's implementation in low-cost infrastructures and the use of smartphones as user-side devices. On the basis of this implementation, we presented experimental results that prove that our system is feasible in real scenarios as defined in TRL5 of technological maturity. Field results show that a vehicle circulating at the maximum permitted speed inside an urban environment would travel a distance which can be easily covered by the low-cost Bluetooth device built into our AC's infrastructure. Experiments also show that most of the time is spent on communication tasks such as connection establishment. However, a significant drop in that aspect is expected when newer widespread versions of Bluetooth technology, like BLE, are used.

      A decentralized privacy-preserving protocol, built on the previous non-probabilistic fraud control system, is presented as our second contribution. Our scheme introduces a new decentralized privacy-preserving approach for controlling the access to LEZs, whose fundamental principle is the adoption of smart contract technology to omit central entities from payment-related processes in favor of the decentralization that blockchain technology offers. In our approach, interactions between users and LEZ infrastructures are processed as blockchain transactions, through the use of smart contracts, thereby permitting the corresponding access fee to be automatically calculated and charged from the user's wallet in terms of digital tokens. Under this procedure, entities responsible for registering vehicle accesses and charging their corresponding fees are replaced by a decentralized network, which guarantees the verifiability, reliability and transparency of the uploaded LEZ accesses. Furthermore, as any node belonging to the distributed network can verify the validity of the transaction flow and every vehicular access transaction is added to the blockchain, there is no need for entities to locally store signed proofs of every entrance to the LEZ.

      Finally, as our third contribution, we propose an access control system for LEZs, following the previous proposal's decentralized trend, which truly preserves the anonymity, non-traceability and unlinkability of honest users through an efficient tailored group signature scheme, without the need for a client-on-demand credential renewal process to achieve it. On top of that, experimental results show that our system is more lightweight than similar group-signature-based LEZ access control systems in the literature, and can even compete with faster, less privacy-preserving approaches based on pseudonyms.

