Abstract
The emergence of mobile phones and connected objects has profoundly changed our daily lives. Thanks to the many sensors they embed, these devices give access to a broad spectrum of services. In particular, position sensors have enabled location-based services such as navigation, ridesharing and real-time congestion tracking. Despite the comfort these services offer, the collection and processing of location data seriously infringe on users' privacy: such data can reveal to service providers a user's points of interest (home, workplace, sexual orientation), habits and social network. In general, users' privacy can be protected by legal or technical provisions. Legal measures may discourage service providers and malicious individuals from infringing users' privacy rights, but they only take effect once an offense has already been committed and detected. The use of privacy-enhancing technologies (PETs) from the design phase of a system, on the other hand, can reduce the success rate of attacks on users' privacy. The main objective of this thesis is to demonstrate the viability of PETs as a means of protecting location data in ridesharing services. This type of location-based service, by letting drivers share empty seats in their vehicles, helps reduce congestion, CO2 emissions and dependence on fossil fuels. In this thesis, we study the problems of itinerary synchronization and matching in the ridesharing context, with explicit consideration of the constraints on protecting location data (origin, destination). The proposed solutions combine multimodal routing algorithms with several privacy-enhancing technologies, namely homomorphic encryption, private set intersection, secret sharing and secure integer comparison. They guarantee privacy properties including anonymity, unlinkability and data minimization. In addition, they are compared against conventional solutions that do not protect privacy. Our experiments indicate that location data protection constraints can be taken into account in ridesharing services without degrading their performance.
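To make concrete how one of the listed primitives supports privacy-preserving matching, the following is an added example (not the thesis's own protocol or code) of a Diffie-Hellman-based private set intersection between a rider and a driver. Each party holds a list of road-segment identifiers along its itinerary; the rider learns only which segments both routes share (candidate pickup and drop-off points), and the driver learns nothing beyond the size of the rider's set. The segment identifiers, the `Party` class, the three-flow layout and the choice of the secp256k1 field prime as a toy multiplicative group are all assumptions made for this illustration.

```python
"""Toy Diffie-Hellman-based private set intersection (PSI) for ridesharing.

The rider learns which of its road segments also lie on the driver's
itinerary; the driver learns nothing but the size of the rider's set.
Added example, not code from the thesis.
"""
import hashlib
import secrets

# Toy group: multiplicative group of integers modulo the secp256k1 field
# prime (chosen here only because it is a well-known 256-bit prime).
# It shows the commutative-blinding mechanism; a real deployment would use
# a prime-order elliptic-curve group with a proper hash-to-curve map.
P = 2**256 - 2**32 - 977
_rng = secrets.SystemRandom()


def hash_to_group(item: str) -> int:
    """Map a segment identifier to a non-zero group element."""
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big") % P
    return h or 1


class Party:
    """One participant (rider or driver) holding itinerary segment ids."""

    def __init__(self, segments):
        self.segments = list(segments)
        self.key = _rng.randrange(1, P - 1)   # fresh secret exponent per session

    def blind_own(self, shuffle: bool) -> list[int]:
        """Produce H(x)^key for each own segment (shuffled if order must not leak)."""
        out = [pow(hash_to_group(s), self.key, P) for s in self.segments]
        if shuffle:
            _rng.shuffle(out)
        return out

    def reblind(self, values: list[int]) -> list[int]:
        """Raise already-blinded values to the own key, preserving order."""
        return [pow(v, self.key, P) for v in values]


def psi(rider: Party, driver: Party) -> set[str]:
    """Three-flow DH-PSI; only the rider learns the intersection."""
    # Flow 1, rider -> driver: H(r_i)^a, order preserved so the rider can
    # later map results back to its own segments.
    a_msgs = rider.blind_own(shuffle=False)
    # Flow 2, driver -> rider: H(d_j)^b shuffled (hides the driver's ordering),
    # plus the rider's values re-blinded, (H(r_i)^a)^b, order preserved.
    b_msgs = driver.blind_own(shuffle=True)
    c_msgs = driver.reblind(a_msgs)
    # Flow 3, rider local: (H(d_j)^b)^a equals (H(r_i)^a)^b exactly when
    # r_i == d_j, because exponentiation commutes.
    d_set = set(rider.reblind(b_msgs))
    return {seg for seg, c in zip(rider.segments, c_msgs) if c in d_set}


# Constructed sample itineraries: road-segment identifiers along each route.
DRIVER_ROUTE = ["seg-101", "seg-102", "seg-205", "seg-206", "seg-310"]
RIDER_ROUTE = ["seg-205", "seg-206", "seg-207", "seg-400"]


def demo() -> set[str]:
    """Run the PSI on the constructed routes and return the shared segments."""
    return psi(Party(RIDER_ROUTE), Party(DRIVER_ROUTE))


if __name__ == "__main__":
    print("shared segments (candidate pickup/drop-off):", sorted(demo()))
```

Because each party draws a fresh exponent per session, the blinded values for the same segment differ from one matching run to the next, which is what gives the unlinkability property across sessions; the driver's shuffled list additionally hides the order of its route. The toy group is adequate to show the mechanism but not to stand in for a vetted PSI implementation.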
Ulrich Matchi Aïvodji. Privacy-enhancing technologies for ridesharing [D]. FR: Université Paul Sabatier - Toulouse III, 2018.