Wireless Pers Commun (2011) 61:779–791DOI 10.1007/s11277-011-0432-2

A Privacy-Preserving Location Assurance Protocolfor Location-Aware Services in VANETs

Youngho Park · Chul Sur · Kyung-Hyune Rhee

Published online: 30 October 2011© Springer Science+Business Media, LLC. 2011

Abstract A location-aware service on a vehicular ad hoc networks (VANETs) is to provideservices that distribute on-demand information for a certain geographic area of interest by tak-ing advantage of vehicular communications. In this paper, we propose a secure and locationassurance protocol in order to guarantee privacy preservation in vehicular communicationsand trustworthiness of location-aware services over VANETs. The proposed protocol enablesa message verifier to have confidence that the location-aware information was responded fromthe vehicles passing through the target location area of interest without violating location pri-vacy of the responders. To achieve our security objectives, we consider a pseudonym-basedprivacy-preserving authentication and a hierarchical identity-based cryptographic scheme.Furthermore, we demonstrate experimental results to confirm the efficiency and effectivenessof the proposed protocol.

Keywords VANET · Authentication · Location assurance · Privacy preservation

1 Introduction

In recent, VANETs have received a great deal of attention for their promises in revolu-tionizing the intelligent transportation systems and telematics services. VANETs consist ofvehicles equipped with on-board computing units (OBUs) and road-side units (RSUs), sovehicle-to-vehicle and vehicle-to-infrastructure communications are two basic communica-tion modes on VANETs.

Y. Park · K.-H. Rhee (B)Department of IT Convergence and Application Engineering, Pukyong National University,Busan, Republic of Koreae-mail: khrhee@pknu.ac.kr

Y. Parke-mail: pyhoya@pknu.ac.kr

C. SurGraduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japane-mail: chulsur@itslab.csce.kyushu-u.ac.jp

123

780 Y. Park et al.

The VANET enables useful functions, such as cooperative driving and probe vehicle data,that increase vehicular safety and reduce traffic congestion, and offer access to location-aware service applications. A location-aware service on a VANET is to provide servicesthat distribute on-demand information such as traffic conditions, weather, available facilities(e.g., gas station or restaurant), and so on for a certain geographic area of interest by takingadvantage of vehicular communications [3].

Dikaiakos et al. proposed the development and deployment of location-aware serviceinfrastructure on top of emerging VANETs based on a Vehicular Information Transfer Proto-col (VITP) [3] which is an application layer communication protocol specifying the syntaxand the semantics of messages for a VANET service. However, VITP does not provide built-in security features although some security objectives must be supported depending on thekind of vehicular service.

Considering such a useful VANET application, it is necessary to develop a suit of elabo-rate and carefully designed security mechanisms to make VANET applications viable [18].That is, illegal information do not have to be inserted and disseminated message must notbe modified by a malicious attacker. Especially, sensitive information such as identity andlocation privacy must be preserved in order to prevent users from being traced illegallythrough vehicular communications. In addition to the fundamental security requirements, foron-demand location-aware services in a VANET, location assurance must be also requiredfrom user’s perspective because location information is a key factor for providing a reliableand trustworthy location-aware service. In other word, suppose that a vehicle requests someuseful information around a certain target road through a VANET, the requesting vehiclemay want to have confidence that the location-aware information was responded from thevehicles passing through the target location area.

1.1 Related Work

For last a few years, a variety of VANET security protocols, which aim at privacy preservingauthentication, have been proposed since Raya et al. research result [18]. Most of privacy-preserving authentication protocols have been developed on the basis of digital signatureincluding group signature schemes and anonymous certificates using pseudonyms of vehi-cles to conceal the real identity of vehicles or users [5,12,13,16,18]. However, those protocolscannot fulfill the location assurance requirements in our mind.

Kate et al. presented a hierarchical ID-based security infrastructure for delay tolerantnetworks [8]. However, the security mechanisms just aimed at providing anonymous authen-tication using the hierarchical ID-based cryptography.

The term of location assurance used in this paper has some similar meanings to physi-cal location verification for secure VANTEs in a sense. Advances in localization technol-ogies enable location estimation of vehicles based on transmission signal properties suchas signal strength and direction. Some location verification schemes [10,19] have beenproposed for secure packet forwarding in geographic routing protocol aiming to identify afalse node, which fakes its position, by verifying whether a neighbor node physically resideswithin a communication range. However, this approach is different from our location assur-ance protocol and cannot determine the location of a remote node beyond a communicationrange.

Pathak et al. proposed a geographic hash for encoding unforgeable geographic locationdata for securing the path in geographic routing protocol [17]. However, this protocol doesnot support location assurance from the view of location-aware service, and requires collab-oration of intermediary nodes on the routing path.

123

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services 781

One interesting approach is a cryptographic signature scheme, called location-releasesignature proposed by Lin et al. [11], for store-carry-forward communication in VANETs.The location-release signature is signed by a source location server and becomes valid whenit arrives at a specific destination location, where a location server publishes some trapdoorinformation associated with such a destination location. However, the capability to verify thesignature is geographically restricted to the specific destination location, hence the location-release signature is a different approach from our one and is not applicable to our systemmodel.

1.2 Contribution and Organization

The requirement of location assurance seems conflicting with location privacy, in a way.Therefore, given the conflicting goals between location privacy and location assurance, wepropose a privacy-preserving location assurance protocol that avoids illegal movement track-ing of vehicles in a location-aware service over VANETs. Even though ordinary digital sig-nature schemes are appropriate to guarantee the authenticity of a message including locationinformation, digital signature itself is not sufficient to guarantee the semantics that the mes-sage was responded from a vehicle passed through the claimed location because there isno binding between the signature function and the location information. To achieve thesesecurity goals, we deploy a hierarchical identity-based cryptography [4] to generate loca-tion-based signature verified by a public road identifier for location assurance, and considerpseudonym-based anonymous authentication scheme for privacy preservation.

In our protocol, a master authority (MA) acts a root (level-0) Private Key Generator (PKG).The MA issues ID-based private keys to each vehicle and level-1 location-based private keyto an RSU using the fixed RSU’s location information. Then, RSU issues level-2 location-based signing keys, derived from vehicle’s pseudonym bound with the location information,to vehicles within its geographic area on a VANET. Hence, vehicles can generate a location-based signature under its level-2 location-based signing key, and then any node can verify thesignature using publicly known location information and originating vehicle’s pseudonym.

The rest of this paper is organized as follows: In Sect. 2, we describe our system architec-ture and security goals, and present the proposed protocol in Sect. 3. Security analysis andperformance evaluation of the protocol are provided in Sects. 4 and 5, respectively. Finally,we conclude in Sect. 6.

2 System Model

In this section, we describe a system architecture, network model, and security objectives forthe proposed protocol.

2.1 System Architecture

As shown in Fig. 1a, our system model consists of the MA, RSUs, and OBUs. The basicoperation of each entity is following:

– The fully trusted MA is in charge of the registration of RSUs and vehicles deployed on aVANET, and issues cryptographic materials through initial registration. Only the MA canreveal the real identity of a vehicle by law enforcement when a disputed situation occurs.

– RSUs are subordinated by the MA and act level-1 PKGs for issuing location-based signingkeys to each vehicle within RSU’s geographic areas.

123

782 Y. Park et al.

Fig. 1 VANET system architecture and the relation of key hierarchy of the proposed system model. (a)VANET system architecture, (b) hierarchical key generation

– OBUs are installed on the vehicles. They communicate with other OBUs for sharinglocation-aware information, and with RSUs for requesting the location-based signingkey to generate signatures for a secure location-aware service.

2.2 Network Model

In most VANET environments, RSUs are assumed to establish a secure channel with theMA by any reliable communication links with high bandwidth. We assume that vehicles areequipped with an embedded computer, a GPS receiver, a wireless network interface compli-ant to standards like IEEE 802.11 p incorporated with dedicated short range communications(DSRC) [2].

Since the main goal of this paper is to design security protocol, we do not describe theprocess of location-aware service transactions in detail. Instead, we assume the function-alities of the VITP [3] for our underlying location-aware service on VANETs. Multi-hopmessage delivery can be supported by geographic routing protocol such as GPSR [7], whichforward messages toward their geographic destination.

2.3 Security Objectives

We consider the following objectives to design secure location-aware services in VANETs.

– Location Assurance: A location-aware service should guarantee the semantics that theinformation about a certain location of interest is related to the claimed target location.That is, it must be possible for a requesting vehicle to verify that a response message wasactually originated from a vehicle within the target location area.

– Authentication: Only legitimate entities should take part in the VANETs. In addition, theoriginator of a message must be authenticated to guard against the impersonation andmessage forgery attacks.

– Location Tracking Avoidance: The real identity and location privacy of a vehicle should bepreserved from illegal tracing through a vehicular communication even though locationassurance is supported.

– Vehicle Tracing: The authorities should be able to trace the originator of a message byrevealing the real identity in case of any disputed situation such as liability investiga-tion. That is, privacy preservation protocols in a VANET must be conditional by way ofprecaution against problematic cases.

123

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services 783

Table 1 Notations of proposedprotocol.

Notation Description

loc A location information

sk, pk Secret and corresponding public key pair

s0 Master secret of MA

s1 Secret of level-1 RSU

s2 Secret of level-2 vehicle

Qi Public key corresponding to si

SK ID-based private key of a vehicle

LK1 Location-based private key for an RSU

LK2 Location-based signing key for a vehicle

VID Virtual-ID of a vehicle

MACk Message authentication code under key k

H1, H2, H3 Cryptographic one-way hash functions

3 Proposed Protocol

In this section, we present the proposed secure and location assurance protocol consisting ofsystem initialization and registration, location-based signing key issuance, and secure loca-tion-aware service using location-based signature. To design the protocol, we consider theID-based authenticated key agreement [1] for mutual authentication between a vehicle andan RSU, and the hierarchical ID-based signature [4] for location-based signature genera-tion and verification for location assurance, respectively. Specifically, a location informationbinding with a pseudonym of each vehicle is used for hierarchical location-based signing keyissuance. Table 1 describes notations used in our protocol.

Figure 1b shows the key hierarchy and the relations of key generations used in theproposed protocol, respectively. s0 is a master secret of the MA to generate level-1 loca-tion-based private key L K1 for each RSU and ID-based private key SK for each vehicle.Level-1 secret s1 of each RSU is used for generating each vehicle’s level-2 location-basedsigning key L K2, while secret of each vehicle s2 is used for generating location-based signa-ture together with its location-based signing key L K2. Note that vehicle’s ID-based privatekey SK is issued by the MA at initial registration phase, on the other hand, L K2 is issued byan RSU on a VANET when a vehicle requests it. We will describe this key issuance protocolin Sect. 3.2.

3.1 System Initialization and Registration

The MA generates two cyclic groups G1, G2 of the same prime order q and bilinear pairinge : G1 ×G1 → G2, and chooses an arbitrary generator P0 ∈ G1. MA picks a random s0 ∈ Z∗

qas its master secret and sets Q0 = s0 P0 ∈ G1. In addition, MA chooses cryptographic hashfunctions H1 : {0, 1}∗ → G1, H2 : {0, 1}∗ → G1 and H3 : {0, 1}∗ → {0, 1}k , and thenpublishes system parameters params = 〈G1, G2, q, e, P0, Q0, H1, H2, H3〉.

Through the initial registration as shown in Table 2, the cryptographic keys for OBUs onvehicles and RSUs are given by the MA, respectively. If the registered entity is a vehicle,then each vehicle submits its real identity I D to the MA. Then, the MA stores I D andgenerates vehicle’s ID-based private key SK to be used for mutual authentication with anRSU when the vehicle requests its location-based signing key. SK is loaded on the OBU of

123

784 Y. Park et al.

Table 2 Initial registrationand key generation

For a vehicle:

1. Vehicle registers its real identity I D to the MA;

2. MA issues SK = s0 H1(I D) as an ID-based private key for thevehicle;

For an RSU:

1. MA issues L K1 = s0 H1(loc) as RSU’s location-based private key;

2. RSU chooses si ∈ Z∗q and computes Q1 = s1 P0.

the vehicle. On the other hand, RSU’s location-based private key L K1 is derived from thelocation information in which the RSU is located. The RSU picks a random s1 as its secretfor level-1 PKG and publishes the corresponding public key Q1.

Note that, according to [3], locations can be represented as two-value tuples [road-id,segment-id], where road-id is a unique key representing a road and segment-id is a numberrepresenting a segment of that road [14]. Given that the movement of vehicles is constrainedwithin the road system, we can assume that the geographic areas of interest are restricted toroads and road segments. Therefore, those representations can be used as identifiers for ourlocation-based key generation.

3.2 Location-Based Key Issuance

When a vehicle wants to join secure location-aware service, the vehicle must be authenti-cated and obtain location-based signing key from the RSU located in vehicle’s geographicarea. The key issuance protocol is described in Fig. 2. This protocol largely consists of two

Fig. 2 Location-based signing key issuance protocol between an OBU and an RSU

123

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services 785

phases, one is mutual authentication phase between an OBU and an RSU, and the other is alocation-based signing key issuance by the RSU.

1 The OBU sends a request with {req1 : X, Y } to the RSU for initiating authenticated keyagreement.

2 Upon receiving the request, the RSU generates k1 = H3(K |1) and k2 = H3(K |2) fromK = e(bY, Q0)e(L K1, X). Then the RSU responds with {res1 : X ′, φ′} to the OBU.

3 The OBU also establishes K by using RSU’s public share X ′ and RSU’s location infor-mation. If the RSU is authenticated by checking φ′, the OBU generates a temporary V I Dto be used for secure location-aware service in this geographic area. At this step, ts is atime stamp. The OBU requests a location-based signing key for this area to the RSU bysending {req2 : V I D, φ}.

4 First, the RSU checks φ and if it holds, queries OBU’s status to the MA by sendingV I D. Then the MA returns the status for the OBU after decrypting V I D under skM A

and checking whether vehicle’s I D is registered or not. If the vehicle is legitimate, theRSU issues location-based signing key L K2.

5 The OBU decrypts the encrypted location-based signing key, and then comes to possessL K2 for this location area.

3.3 Secure Location-Aware Service

To satisfy authentication and location assurance requirements, each entity in the systemshould be able to sign and verify a given message with the corresponding location information.

Figure 3 shows the message structure for secure location-aware service. The type fieldrepresents either request or response. The target and source fields consist of virtual-ID ofa vehicle and location area of interesting, respectively. Locations are formatted accordingto a standard scheme that specifies the road and segment identifiers, as retrieved by an on-board navigation and positioning system [14]. Pub_key and signature fields contain messageoriginator’s public parameters and digital signature on the message under a location-basedsigning key, respectively.

As we mentioned earlier, since we assume an underlying VANET routing protocol, wejust describe how location-based signature described in Table 3 can be applied to a securelocation-aware service.

Suppose that a vehicle S located in a road segment Road_S submits a request message(req) inquiring some information around a target road segment Road_T. Then, req goesthrough a number of intermediary VANET nodes and req is finally received by a vehicle Twhich is inside target area Road_T. T first parses source field to obtain the location and V I Dof S and verifies the signature included in req . If the signature is valid, then the transactionof nodes within target area enters into the reply phase.

Reply phase is the process that some nodes within target area resolve the request andreply information satisfying return condition. We can refer the VITP transaction [3] formore specific process. Suppose that five vehicle participate in the reply phase. Each vehicle

Fig. 3 Message structure for secure location-aware services

123

786 Y. Park et al.

Table 3 Location-based signature generation and verification

Signature generation for a given message M :

1. Chooses s2 ∈ Z∗q as its secret and computes Q2 = s2 P0;

2. Computes PM = H2(loc, V I D, M) and sets signature σ = L K2 + s2 PM ;

3. Submits {M |Q1|Q2|σ }.Signature verification for a given {M |Q1|Q2|σ }:

1. Computes PM = H2(loc, V I D, M);

2. Checks e(P0, σ )?= e(Q0, P1)e(Q1, P2)e(Q2, PM ), where P1 = H1(loc) and P2 = H1(loc, V I D),

respectively.

Batch verification for {Mi |Q1|Q2,i |σi } (1 ≤ i ≤ n):

1. Computes each PMi = H2(loc, V I Di , Mi ) (1 ≤ i ≤ n);

2. Checks e(P0,∑n

i=1 σi )?= e(Q0, P1)e(Q1,

∑ni=1 P2,i )

∏ni=1 e(Q2,i , PMi ).

Ti (1 ≤ i ≤ 5) creates response message including its signature σi and sends it toward sourcelocation area Road_S through the VANET, then the response reaches S. Note that, in ourprotocol, we consider individual response of each vehicle while the reply phase of VITP iscomposed of cumulation of response messages in the target area.

When the reply messages are received, vehicle S verifies the signatures of received mes-sages by using location information and responding vehicle’s virtual-ID to decide to accept amessage or not. At this moment, for n messages with signatures {Mi |Q1|Q2,i |σi }(1 ≤ i ≤ n)

replied from n vehicles within the same target location area (i.e., all vehicles have the samelevel-1 public key Q1 and P1), verifier can aggregately verify the n signatures using batchverification to reduce the computational overheads.

4 Security Analysis

In this section, we analyze the proposed protocol according to the security objectives pre-sented in Sect. 2.3.

Authentication: The authenticity of entities participated in a VANET can be assured bythe identity-based private keys issued through the initial registration in the protocol. There-fore, when we assume the security of the underlying identity-based cryptography, no onecan launch an impersonation attack unless the entity is registered to the MA. In other word,only the RSU possessing a valid L K1 corresponding its location and the vehicle possessinga valid SK derived from its identity can be authenticated to each other.

Location Tracking Avoidance: In our protocol, message senders and receivers are spec-ified by their virtual-IDs, and the virtual-ID of a vehicle is an encrypted pseudonym underMA’s encryption key. Therefore, an adversary cannot retrieve the real identity of a vehiclewithout knowing MA’s decryption key. In addition, since the virtual-ID is renewed whenevera vehicle enters into different geographic areas, an attacker cannot match the originatorsbetween observed messages from different locations. Consequently, unlinkability of virtual-IDs at different locations can prevent a global eavesdropper from tracking movement of avehicle.

Location Assurance: This goal can be satisfied by the location-based signature in whichbinding of a location information is used for key generation. If a location-based signature in alocation-aware message is verified as valid by using the location information specified in the

123

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services 787

message, then the verifier can be convinced that the message was responded by the vehiclepassed through the claimed location at that time because a location-based private key, L K2

for a vehicle, is issued by the RSU physically located in the target area.Vehicle Tracing: In our system, if a disputed circumstance occurs, the MA is involved in

tracing the originator of the message. Given a message formed as shown in Fig. 3, the MAfirst retrieves originator’s virtual-ID V I D from the message. Then the MA can recover I Dby decrypting the V I D under MA’s private key.

5 Performance Evaluation

We evaluate the performance of the proposed protocol in terms of RSU location-based signingkey issuance and message verification delay, in this section. We considered a supersingularcurve with |G1| = 512 bits for implementing a pairing [20] on Pentium IV 3 GHz, and eval-uated the computational time of location-based signing key issuance protocol and signatureverification, respectively. Table 4 shows the measures to estimate the proposed protocol. Sincepairing and point multiplication are much time consuming operations, we did not accountany other negligible computation such as cryptographic hash functions.

5.1 RSU Key Issuance

Since each RSU issues location-based signing keys to vehicles on requests within RSU’svalid coverage (Rrng), so RSU’s performance always depends on vehicles density (d) andspeed (v) within the RSU coverage.

Let p be the probability for each vehicle to request a location-based signing key. Thenthe number of requesting vehicles among total d vehicles follows the Binomial distributionB(d, p), and the expected number of requests is Nreq = d · p. Hence, let Tlk be the executiontime of a location-based key issuance protocol in Sect. 3.2, the average processing time isestimated as Tlk × Nreq . Figure 4a shows the expected processing time for location-basedsigning key issuance depending on vehicle density and probability of a vehicle for requesting.

In addition, the valid serving ratio of an RSU, which is the fraction of the number ofactually processed key issuance to the number of requests, can be defined by

serving ratio ={

1, if RrngTlk ·v · 1

d·p ≥ 1;RrngTlk ·v · 1

d·p , otherwise.

Figure 4b shows the RSU valid serving ratio with different vehicle density and differentvehicle speed for Rrng = 500 m. From the results, we can observe that RSU can sufficientlydeal with the location-based signing key requests in most scenarios, and we can concludethat the proposed key issuing protocol is feasible.

Table 4 The number ofcryptographic operationsand the processing time

RSU OBU Time

Pairing PMul Pairing PMul (ms)

Signing key issuance (Tlk ) 2 3 2 2 44.7Msg. verification (Tvr f ) – – 4 – 35.2

123

788 Y. Park et al.

Fig. 4 Average processing time of an RSU for location-based key issuance and serving ratio of an RSUdepending on vehicle density and speed within RSU coverage. (a) Average processing time of RSU, (b) RSUserving ratio

Fig. 5 Message processing delay to the query distance and the number of responders within a target roadsegment, and to inter-vehicle space of 2,000 m query distance. (a) Message processing delay versus querydistance, (b) processing delay versus inter-vehicle density

5.2 Message Processing Delay

To evaluate the processing delay for location-aware message query and response over VA-NETs, we simulated vehicular communications considering highway-traffic scenario by usingns-2 simulator. We use the GPSR [7] as a geographic routing protocol provided by [9] andIEEE 802.11 p wireless interface configuration [15] for 6 Mbps bandwidth and 250 m nomi-nal transmission range. In our simulation scenario, we deployed vehicles on 5 km-long roadwith 3 lanes to each direction, and fixed target road segment range to 300 m.

Figure 5a shows the message processing delays to the query distance from 500 to 3,000m and 5–15 responders (n) within 300 m road segment. The delay was measured by end-to-end round-trip time and location-based signature verification time in a batch processing,but did not take into account message loss suffered from routing failure. Figure 5b showsalso message processing delays depending on a vehicle density to 2,000 m query distance.To measure the delay depending on vehicle density, we set the inter-vehicle space from 50 to150 m, respectively. From the result, we can observe that the scenario of 100 m inter-vehiclespace has better performance rather than other scenarios in our simulations.

123

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services 789

6 Conclusion

For on-demand location-aware services on VANETs, location assurance must be consideredfor providing reliable and trustworthy location-aware services as well as location privacy pres-ervation in vehicular communications. Therefore, we proposed a privacy-preserving locationassurance protocol to guarantee that a location-aware information was generated within theclaimed geographic area without violating location privacy. To achieve our objectives, wedeployed a hierarchical identity-based cryptography to the location-based signature verifica-tion for providing location assurance, and a pseudonym-based privacy-preserving authenti-cation. We also have evaluated the performance of the proposed protocol in terms of RSUserving ratio for location-based key issuance and message processing delay.

Acknowledgements This work was supported by the National Research Foundation of Korea Grant fundedby the Korean Government (Ministry of Education, Science and Technology). [NRF-2010-355-D00056].

References

1. Chen, L., Cheng, Z., & Smart, N. P. (2007). Identity-based key agreement protocols from pairings.International Journal of Information Security 6(4), 213–241, Springer.

2. Dedicated short range communications (DSRC), http://www.leearmstrong.com/DSRC/DSRCHomeset.htm.

3. Dikaiakos, M. D., Florides, A., Nadeem, T., & Iftode, L. (2007). Location-aware services overvehicular ad-hoc networks using car-to-car communication. IEEE Journal on Selected Areas inCommunications, 25(8), 1590–1602.

4. Gentry C., & Silverberg A. (2002) Hierarchical ID-based cryptography, proceedings of advances incryptology—ASIACRYPT 2002, LNCS 2501. Springer, pp. 548–566.

5. Jung, C., Sur, C., Park, Y., & Rhee, K. (2009). A robust and efficient anonymous authenticationprotocol in VANETs. Journal of Communications and Networks, 11(6), 607–6144.

6. Kafle, V. P., & Inoue, M. (2010). Locator ID separation for mobility management in the newgeneration network. Journal of Wireless Mobile Networks, Ubiquitous Computing, and DependableApplications, 1(2/3), 3–15.

7. Karp, B., & Kung, H. (2000). Greedy perimeter stateless routing for wireless networks, proceedings ofthe 6th annual ACM/IEEE international conference on mobile computing and networking (MobiCom2000), pp. 243–254.

8. Kate, A., Zaverucha, G. M., & Hengartner, U. (2008). Anonymity and security in delay tolerantnetworks, proceeding of the 3rd international conference on security and privacy in communicationsnetworks, pp. 504–513.

9. Kiess, W., Füßler, H., Widmer, J., & Mauve, M. (2004). Hierarchical location service for mobile Ad-Hocnetworks. ACM SIGMOBILE Mobile Computing and Communications Review (MC2R), 8(4), 47–58.

10. Leinmuller, T., Schoch, E., & Kargl, F. (2006). Position verification approaches for vehicular ad hocnetworks. IEEE Wireless Communications, 13(5), 16–21.

11. Lin, X., Lu, R., & Shen, X. (2009). Location-release signature for vehicular communication, proceedingsof 18th international conference on computer communications and networks, pp. 1–7.

12. Lin, X., Sun, X., & Shen, X. (2007). GSIS: A secure and rivacy preserving protocol for vehicularcommunications. IEEE Transactions on Vehicular Technology, 56(6), 3442–3456.

13. Lu, R., Lin, X., Zhu, H., Ho, P. H., & Shen, X., (2008). ECPP: Efficient conditional privacy preservationprotocol for secure vehicle communications, Proceedings of IEEE INFOCOM, pp. 1229–1237.

14. Nadeem, T., Dashtinezhadd, S., Liao, C., & Iftode, L. (2004). Trafficview: Traffic data disseminationusing car-to-car communication, ACM sigmobile mobile computing and communications review. SpecialIssue on Mobile Data Management, 8(3), 6–19.

15. Overhaul of IEEE 802.11 modeling and simulation in NS-2, http://dsn.tm.uni-karlsruhe.de/Overhaul_NS-2.php.

16. Park, Y., Sur, C., Jung, C., & Rhee, K. (2010). An efficient anonymous authentication protocol forsecure vehicular communications. Journal of Information Science and Engineering, 26(3), 785–800.

123

790 Y. Park et al.

17. Pathak, V., Yao, D., & Iftode, L. (2008). Securing location aware services over VANET usinggeographical secure path routing. Proceedings of the IEEE international conference on vehicularelectronics and safety (ICVES), pp. 346–353.

18. Raya, M., & Hubaux, J.-P. (2007). Securing vehicular ad hoc networks. Journal of Computer Security,Special Issue on Security of Ad Hoc and Sensor Networks, 15(1), 39–68.

19. Ren, Z., Li, W., & Yang, Q. (2009). Location verification for VANETs routing, proceedings ofIEEE international conference on wireless and mobile computing, networking and communications,pp. 141–146.

20. The pairing-based cryptography library, http://crypto.stanford.edu/pbc.

Author Biographies

Youngho Park received his M.S. and Ph.D. degrees in Department ofComputer Science and Information Security from Pukyong NationalUniversity, Republic of Korea in 2002 and 2006, respectively. He iscurrently a post doctor course researcher in Department of IT Conver-gence and Application Engineering, Pukyong National University. Hisresearch interests are related with information security, applied cryp-tography and network security; secure ad hoc network, authentication,key management, and identity-based cryptosystem.

Chul Sur received his M.S. and Ph.D. degrees in Department of Com-puter Science from Pukyong National University, Republic of Koreain 2004 and 2010, respectively. He is currently a post doctor courseresearcher in the Graduate School of Information Science and Elec-trical Engineering, Kyushu University, Japan. His research interestsare related with applied cryptography, network security, and securee-commerce.

123

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services 791

Kyung-Hyune Rhee received his M.S. and Ph.D. degrees from KoreaAdvanced Institute of Science and Technology (KAIST), Daejon Koreain 1985 and 1992, respectively. He worked as a senior researcher inElectronic and Telecommunications Research Institute (ETRI), DaejonKorea from 1985 to 1993. He also worked as a visiting scholarin the University of Adelaide, the University of Tokyo, and theUniversity of California, Irvine. He has served as a Chairman of Divi-sion of Information and Communication Technology, Colombo PlanStaff College for Technician Education in Manila, the Philippines.He is currently a professor in the Department of IT Convergenceand Application Engineering, Pukyong National University, BusanKorea. His research interests center on key management and its appli-cations, mobile communication security and security evaluation ofcryptographic algorithms.

123