An Anonymous On-Street Parking Authentication Scheme via Zero-Knowledge Set Membership Proof

TL;DR

This paper presents a privacy-preserving on-street parking authentication scheme using zero-knowledge set membership proofs, ensuring user anonymity and preventing data leakage even if the system is compromised.

Contribution

It introduces a novel zero-knowledge proof-based authentication method for smart city parking systems that maintains user privacy and resists data profiling attacks.

Findings

User anonymity is preserved during authentication.

The system prevents mass-query and profiling of user traces.

Authentication legitimacy is verifiable without revealing user identity.

Abstract

The amount of information generated grows as more and more sensor and IoT devices are deployed in smart cities. It is of utmost importance for us to consider the privacy data leakage and compromised identity from both outside adversaries and inside abuse of data access privilege. The security assumption of the system should not solely rely on the fact that permission and access control were being implemented correctly. Quite the contrary, a system can be designed in a way that user's identity data and usage traces are not leaked even if the system had been compromised. Based upon our previous on-street parking system utilizing Bluetooth Low Energy (BLE) beacons, we applied a cryptographic primitive called zero-knowledge proof to our authentication system. A commitment scheme and Merkle tree is combined in the setup to achieve zero-knowledge set membership proof. Doing so, the user is anonymous to the server between authentication sessions, while the server's still able to verify the legitimacy of such user. The on-street parking system is therefore immune to privacy data leakage, as for now one cannot mass-query and profile certain user's traces within the system.