Network Hexagons Under Attack: Secure Crowdsourcing of Geo-Referenced Data

TL;DR

This paper analyzes security vulnerabilities in the Nexagon protocol for geo-referenced data collection in ITS, proposing an enhanced architecture with PKI and pseudonyms to improve privacy without significant performance loss.

Contribution

It identifies security flaws in Nexagon and introduces a novel security architecture combining PKI and pseudonyms to mitigate privacy risks effectively.

Findings

Nexagon is vulnerable to user re-identification and session linkage.

The proposed architecture enhances privacy with minimal latency increase.

Prototype validation shows practical deployment feasibility.

Abstract

A critical requirement for modern-day Intelligent Transportation Systems (ITS) is the ability to collect geo-referenced data from connected vehicles and mobile devices in a safe, secure and anonymous way. The Nexagon protocol, which builds on the IETF Locator/ID Separation Protocol (LISP) and the Hierarchical Hexagonal Clustering (H3) geo-spatial indexing system, offers a promising framework for dynamic, privacy-preserving data aggregation. Seeking to address the critical security and privacy vulnerabilities that persist in its current specification, we apply the STRIDE and LINDDUN threat modelling frameworks and prove among other that the Nexagon protocol is susceptible to user re-identification, session linkage, and sparse-region attacks. To address these challenges, we propose an enhanced security architecture that combines public key infrastructure (PKI) with ephemeral pseudonym certificates. Our solution guarantees user and device anonymity through randomized key rotation and adaptive geospatial resolution, thereby effectively mitigating re-identification and surveillance risks in sparse environments. A prototype implementation over a microservice-based overlay network validates the approach and underscores its readiness for real-world deployment. Our results show that it is possible to achieve the required level of security without increasing latency by more than 25% or reducing the throughput by more than 7%.