TY - GEN
T1 - On non-cooperative location privacy
T2 - 16th ACM Conference on Computer and Communications Security, CCS'09
AU - Freudiger, Julien
AU - Manshaei, Mohammad Hossein
AU - Hubaux, Jean Pierre
AU - Parkes, David C.
PY - 2009
Y1 - 2009
N2 - In mobile networks, authentication is a required primitive for the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile nodes collectively change their pseudonyms in regions called mix zones. Because this approach is costly, self-interested mobile nodes might decide not to cooperate and could thus jeopardize the achievable location privacy. In this paper, we analyze the non-cooperative behavior of mobile nodes by using a game-theoretic model, where each player aims at maximizing its location privacy at a minimum cost. We first analyze the Nash equilibria in n-player complete information games. Because mobile nodes in a privacy-sensitive system do not know their opponents' payoffs, we then consider incomplete information games. We establish that symmetric Bayesian-Nash equilibria exist with simple threshold strategies in n-player games and derive the equilibrium strategies. By means of numerical results, we show that mobile nodes become selfish when the cost of changing pseudonyms is small, whereas they cooperate more when the cost of changing pseudonyms increases. Finally, we design a protocol - the PseudoGame protocol - based on the results of our analysis.
AB - In mobile networks, authentication is a required primitive for the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile nodes collectively change their pseudonyms in regions called mix zones. Because this approach is costly, self-interested mobile nodes might decide not to cooperate and could thus jeopardize the achievable location privacy. In this paper, we analyze the non-cooperative behavior of mobile nodes by using a game-theoretic model, where each player aims at maximizing its location privacy at a minimum cost. We first analyze the Nash equilibria in n-player complete information games. Because mobile nodes in a privacy-sensitive system do not know their opponents' payoffs, we then consider incomplete information games. We establish that symmetric Bayesian-Nash equilibria exist with simple threshold strategies in n-player games and derive the equilibrium strategies. By means of numerical results, we show that mobile nodes become selfish when the cost of changing pseudonyms is small, whereas they cooperate more when the cost of changing pseudonyms increases. Finally, we design a protocol - the PseudoGame protocol - based on the results of our analysis.
KW - Game theory
KW - Location privacy
KW - Mobile networks
UR - http://www.scopus.com/inward/record.url?scp=74049097109&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74049097109&partnerID=8YFLogxK
U2 - 10.1145/1653662.1653702
DO - 10.1145/1653662.1653702
M3 - Conference contribution
AN - SCOPUS:74049097109
SN - 9781605583525
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 324
EP - 337
BT - CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security
Y2 - 9 November 2009 through 13 November 2009
ER -