Anonymous Electronic Toll Collection

1
Anonymous Electronic Toll Collection
IGNSS 2007 Symposium on GPS/GNSS 4-6 December 2007
Muhammad Usman Iqbal Samsung Lim The University
of New South Wales
School of Surveying Spatial Information
Systems The University of New South Wales,
Australia
2
Mobility Pricing vs. Location Privacy
vehicle parked ? Significant location
GPS-based Insurance
3
Current Toll Operation
4
Electronic Toll Collection
2
1
3

• The convenience of a faster trip is at the cost
  of loss of anonymity
• Possibility of function creep with storage of
  identifying data

5
Melbourne CityLinks Credit Card Breach

• An employee passed customer credit card details
  for internet shopping sprees

• Federal Privacy Commissioner conducted review
• Made suggestions to improve security
• Suggestions dont guarantee against future
  breaches

6
Federal Legislation and Standards

• Wherever it is lawful and practicable,
  individuals must have the option of not
  identifying themselves when entering transactions
  with an organisation (NPP 8, Federal Privacy
  Law)
• The operator should provide customers and
  patrons with the option of anonymous operation on
  either a permanent or casual basis.
  (Recommendation 4, AS 4721)

7
Melbourne CityLink

• Anonymous operation widely publicised
• Documents in Victorian Parliament
• Anonymous non-existent on Transurbans website

8
Highway 407, Canada

• Ontario Privacy Commissioners Guidelines
• 4 in 6 Million anonymous transponders
• Not popular vs. Unrealistic administrative
  burdens

9
Countering Arguments

• NPP not applicable to State Govt Entities
• (e.g Eastern Distributor)
• An organisation must not collect personal
  information unless the information is necessary
  for one or more of its functions or activities
  (NPP 8, Federal Privacy Law)

10
(non) Compliance
11
Other ETC Systems

• Dynicash
• David Chaums Blind Digital Signatures
• Implemented in Denmark and Japan
• Unsuccessful
• All of them prepaid

12
Research Aims

• Cryptographic Techniques
• Develop anonymous payment protocol
• Post-paid
• Minimise Video-based enforcement

13
Cryptographic Tools Zero Knowledge Proofs
1
2
3
14
Cryptographic Tools Blind Digital Signatures
15
Protocol Entities
Motorist
Toll operator
Toll Gantry
Visual Enforcement
16
Protocol Design
Registration
Event
Reconciliation
17
Registration
18
Toll Event
19
Spatio-temporal info Stripped
Position Time
Spent spatio-temporal info
Accounts Receivable
20
Payment/ Debt Collection
Using Zero Knowledge Proof Technology, Motorist
and Toll Collection Reconcile their
accounts. Same procedure followed for next
billing cycle
21
Protocol Operation

• Toll Company only knows about digital signature
  (fingerprint) of the list of identities
• Toll Gantry receives a different ID for storage
• Motorists location cannot be tracked
• Credit-card/Pre-auth like post-pay mechanism
• Motorist who doesnt engage in debt collection
  forfeits right to travel in future

22
Concluding Remarks

• Anonymous Post-pay ETC is possible
• Legislation and Standards support it
• A technical solution to a social problem
• Encourages ETC providers to design
  privacy-respecting solutions
• Future work Implement prototype

23
Acknowledgement

• This work is supported by Omnilink Pty Ltd.

24
Thank you for your time!

• Questions?