Privacy-Safe Architecture for IoV Intelligent Perception Systems

☞2021 Issue 6 Directory ▏Special Topic: Internet of Vehicles

☞Discussion on IoV Application Technologies Based on 5G Cloud Network Integration

☞Research on Virtual Simulation Platform for Vehicle-Road Coordination Based on Digital Twin

☞Current Status and Prospects of Light Tag-Enabled Vehicle-Road Coordination

Research on C-V2X Channel Characteristics and Modeling Methods

C-V2X Slice Random Access Technology

☞Research on the Development Status and Testing Methods of IoV Roadside Perception Systems

☞Research on Cellular Vehicle-to-Everything (C-V2X) Evolution Technologies

☞Key Technologies for Vehicle-Road Coordination Aimed at High-Level Autonomous Driving

☞Research on C-V2X IoV Secure Communication Solutions

Vehicle/Network/Special Topic 102021 · Issue 6

Privacy-Safe Architecture for IoV Intelligent Perception Systems*

By Zhao Pinchan, Fu Yuchuan, Li Changle

(1. National Key Laboratory of Integrated Business Network Theory and Key Technologies, Xi’an University of Electronic Science and Technology, Xi’an, Shaanxi 710071; 2. Intelligent Transportation Research Institute, Xi’an University of Electronic Science and Technology, Xi’an, Shaanxi 710071)

*Funding Project: National Natural Science Foundation (U1801266, 62101401); Youth Innovation Team of Shaanxi Universities

【Abstract】The intelligent perception of the Internet of Vehicles (IoV) can fully utilize the mobility of participating vehicles to provide precise data services to individuals or organizations in need. However, this also poses significant privacy and security threats during V2X communication. Therefore, this paper first analyzes the key factors that need to be considered in the design of the IoV intelligent perception system architecture, discusses the privacy and security threats faced by the intelligent perception system and the corresponding security requirements, and finally proposes a privacy-secure, blockchain-enabled conditional distributed IoV intelligent perception system architecture, providing a reference for the future development, improvement, deployment, and application of IoV intelligent perception systems.

【Keywords】Internet of Vehicles; Intelligent Perception; Privacy Protection; Blockchain Technology

doi:10.3969/j.issn.1006-1010.2021.06.006

Classification Number: TN929.5 Document Identifier Code: A

Article Number: 1006-1010(2021)06-0037-06

Citation Format: Zhao Pinchan, Fu Yuchuan, Li Changle. Privacy-Safe Architecture for IoV Intelligent Perception Systems [J]. Mobile Communications, 2021, 45(6): 37-42.

Privacy-Safe Architecture for IoV Intelligent Perception Systems

0 Introduction

The development of autonomous vehicles and the construction of smart mobility impose extremely strict demands on the quality and quantity of data[1]. On one hand, the maturity of autonomous vehicle technology specifications relies on the support of big data; by analyzing the driving habits hidden behind driving big data, further progress in autonomous driving technology can be promoted. On the other hand, high-quality and reliable traffic data is the key foundation for promoting smart mobility, helping users analyze and choose the optimal travel route through real-time collection and analysis of traffic big data, thereby optimizing travel efficiency in real time. Intelligent perception, as an efficient means of data collection, can well match the data requirements of the Internet of Vehicles by fully combining the “wisdom of the crowd” and the mobility of vehicles to perceive the target area and purposefully collect data, thus providing precise data services to organizations or individuals in need[2]. However, intelligent perception without privacy protection will completely expose the vehicle’s movement trajectory to the outside world, making privacy security issues one of the key factors limiting its widespread application[3-5].

The current architecture of intelligent perception systems is mainly divided into two types: centralized and distributed system architectures[6]. Centralized methods, also known as platform-based, primarily rely on the unified deployment of a central server (platform) for system operations such as task publishing, user matching, and data submission, all managed by the server. Operations between users require the server as an intermediary for communication. Although the centralized server approach provides convenience for collaborative management and control, it also brings many serious challenges, one of which is privacy security issues. Once the platform is attacked and the stored data is leaked, it can cause great social panic. In 2019, a shared car rental platform in the Middle East was attacked, resulting in the leakage of personal information of about 14 million users[7]. Following Satoshi Nakamoto’s proposal of a blockchain-based Bitcoin scheme in 2008[8], distributed methods based on blockchain gradually matured, becoming an effective solution to the problem of unreliable central platforms. Distributed networks use a peer-to-peer approach, eliminating the need for a central server to manage and store data. Moreover, the interaction processes between users are recorded in plain text on the blockchain and stored locally by each user, ensuring data security and immutability. However, due to the nature of plain text records, external attackers with strong computing capabilities can still deduce user identity information through the analysis of a user’s participation information and other users’ participation chains. Thus, the distributed approach is not entirely reliable. Furthermore, managing malicious behaviors in distributed networks poses difficulties; when malicious or even criminal information is published in the system, tracking and tracing malicious users becomes challenging due to the anonymity of user operations[9-10].

In addition to the large-scale user privacy security issues that may arise from system architecture, participating users also face various security threats during system operations. For users with data needs, their specific data requests also indicate their demand for specific services. For example, if a user requests data on a certain brand of vehicle’s fuel consumption and driving comfort on urban roads, that user may be a potential consumer of that brand’s vehicles. If this information is obtained by car sales personnel, the user may be inundated with a barrage of sales messages[11]. Additionally, data-providing users also face a degree of privacy security issues, as the collected data often relates to the user’s personal environment: where they are, where they come from, where they are going, and where they have been. If this information is obtained by malicious individuals, users may even face the risk of being tracked.

Therefore, although intelligent perception can provide an efficient and reliable data source for the development of autonomous driving, its development must prioritize solving privacy security issues. This paper focuses on protecting the privacy security of users in the IoV intelligent perception system, emphasizing the current system architecture design for user privacy protection and specific privacy security requirements. Finally, based on the above discussions, we propose a conditional distributed architecture for protecting privacy security in intelligent perception systems and conduct effectiveness analysis of security threat protection, providing a theoretical basis and guidance for future system design.

1 Architecture and Design Requirements of IoV Intelligent Perception Systems

1.1 IoV Intelligent Perception System Model

Intelligent perception establishes a supply-demand relationship between users with data needs and users capable of providing data, allowing data to be fully utilized by users in need. At the same time, data-providing users can also receive certain rewards. Users with data needs must publish their requests in the form of tasks and are thus referred to as task publishers or data requesters (this paper refers to them as task publishers). Users participating in perception tasks submit perception data to task publishers within the task deadline based on task requirements and are referred to as task executors or data providers (this paper refers to them as task executors).

Generally, task publishers are typically ordinary users or car manufacturers with information/data needs, sharing the commonality that they usually lack sufficient capacity to execute perception tasks and obtain perception data themselves. Thus, it is necessary to select users with perception capabilities to execute corresponding tasks. Task executors are usually vehicles equipped with perception, communication, computation, and storage capabilities. Onboard sensors are used to collect and store data purposefully according to task requirements or process data content to obtain information hidden in perception data. Task executors must send the perceived or processed information to task publishers before the task deadline and receive corresponding rewards for executing the task.

Based on the different ways users interact, the architecture of intelligent perception is mainly divided into centralized and distributed methods, with the primary distinction being whether there exists a central server responsible for managing user operations and data flow. The working mechanisms and characteristics of both methods will be elaborated below.

1.2 Centralized IoV Intelligent Perception System Architecture

Figure 1 shows a centralized intelligent perception system architecture, where a central platform (referred to as the platform in this paper) serves as the operation and scheduling center. First, the platform acts as a service provision center, providing corresponding services for task publishers and task executors, facilitating simple and efficient interactions among participants through an intuitive interface. Simultaneously, the platform serves as a data scheduling center, where operations such as task display based on data needs and user selection based on rules are managed, processed, and recorded through the centralized platform. Additionally, the platform also functions as a regulatory center, responsible for tracking and tracing malicious operations.

Privacy-Safe Architecture for IoV Intelligent Perception Systems

However, the platform is not entirely trustworthy. On one hand, the platform may honestly provide various services to users, adhering to basic intelligent perception rules to complete fundamental platform operations. On the other hand, to increase its own profits, the platform may become curious about users’ needs or data, illegally collecting or backing up user data to achieve targeted content pushing. Therefore, in general, the platform is honest yet curious[12].

1.3 Distributed IoV Intelligent Perception System Architecture

In contrast, the distributed architecture of the intelligent perception system does not have a super node with unified deployment; all nodes are equal. Therefore, the primary challenge for distributed systems is the typical Byzantine Generals Problem, which ensures normal network operation in the presence of dishonest nodes. Since the release of the blockchain white paper by Satoshi Nakamoto in 2008[8], blockchain-based virtual currency systems have become a typical representative of distributed systems. The introduction of Ethereum smart contracts marked another significant leap for distributed systems, allowing blockchain+X to become possible. Currently, distributed intelligent perception systems are mainly blockchain-based, as shown in Figure 2.

Privacy-Safe Architecture for IoV Intelligent Perception Systems

From the perspective of system architecture, blockchain-based distributed systems are primarily divided into two layers: the user layer and the consensus layer. The user layer is mainly responsible for addressing various interaction operations between participating users and the system, converting user needs into network-authenticable, verifiable, and identifiable interaction information. The consensus layer is responsible for verifying interaction information and achieving consensus, thereby enabling encrypted transmission and recording of information. This information is first forwarded to the consensus network, where miner nodes verify and package it into blocks. After consensus, the block will be added to the chain, thus synchronizing block information across the entire network. Therefore, even users not in the same network region/location can achieve encrypted transmission of information. Additionally, since the network is peer-to-peer, all nodes in the network store the complete blockchain, ensuring the security of the information stored in each node even without a centralized coordinating node. Thus, unless an attacker controls more than 50% of the network’s computing power, data tampering is considered impossible.

However, the distributed approach sacrifices some operational and management flexibility while enhancing data security. On one hand, miner nodes must perform extensive verification, packaging, and other operations for user-uploaded data, and to ensure the efficiency and order of system operation under a large number of operations, users’ available operations are significantly limited. In the Bitcoin system, the only operation users can perform is transferring money, so miners only need to verify transfer information during verification. When the blockchain system is integrated into the intelligent perception system, the diversity of operations adds complexity and difficulty to system design and miner verification. On the other hand, the absence of a central controlling node in the system makes malicious operations easier and less constrained. Malicious users in the system will be difficult to track and trace; when malicious events occur, such as the publication of task information related to crime, it may even trigger a crisis of social trust.

1.4 Design Requirements of System Architecture

The design of the system architecture needs to consider the functional capabilities that the system can achieve while avoiding potential hard defects. First, to ensure the quality of user experience, there needs to be a unified functional display platform, allowing users to perform visual operations and significantly reducing the difficulty of user operations. Second, when facing external attacks, the system should maintain robustness, ensuring users can safely participate in system operations without worrying about privacy security attacks or privacy leakage from within or outside the system. Third, the system needs to ensure operational efficiency; for both task publishers and task executors, user operations need to receive timely feedback from the system. Fourth, the system should ensure effective management; when malicious events occur, the system can effectively prevent, trace, track, and punish them. These design requirements ensure that the system can operate efficiently, reliably, and securely from user, system, and management perspectives.

2 Privacy Analysis and Security Requirements of IoV Intelligent Perception Systems

2.1 Potential Privacy Security Attacks in the System

Based on the participation methods and internal characteristics of the system, users participating in the system will face privacy security threats from multiple aspects. From the system’s perspective, privacy threats mainly come from both internal and external sources. Internal entities in the system include task publishers, task executors, and centralized platforms, all of which may spy on other users’ privacy to increase their own benefits or for other purposes. External attackers are primarily observers or hackers who launch attacks on the network system or single nodes. Therefore, the system and internal entities face the following security threats:

(1) Privacy security threats faced by task publishers: Task publishers publish corresponding perception tasks based on their data needs, so the content of the tasks can reflect the recent needs of the publishers. Once this information is obtained by other users or the platform, the user may continuously suffer from advertising harassment.

(2) Privacy security threats faced by task executors: After obtaining the right to execute tasks, task executors will collect data based on task requirements. However, since the data collected is often human-centered and closely related to the user and their social life, this data (such as images, videos) is likely to leak personal privacy of these users, potentially leading to the risk of users being tracked. Additionally, due to the cost incurred by executors in performing data perception tasks, some opportunistic executors may illegally obtain corresponding rewards by copying and tampering with other executors’ data, which will severely undermine the participation and fairness of other task executors.

(3) Security threats faced by the network system: The system may face risks from various external network attacks. First, for centralized networks, single-point failure is one of the unavoidable issues with centralized methods[13]. Once attacked, a large amount of user privacy information will be at risk of being stolen. Second, for distributed networks, they may face distributed denial-of-service attacks, where attacked users will be unable to use the system’s functions normally and may even face economic losses.

2.2 Privacy Protection Requirements

Corresponding to the above analysis, when designing the intelligent perception system, designers need to consider the following factors regarding user privacy security:

(1) Identity privacy protection: Users’ identity information cannot be linked to their usernames (nicknames) in the system, meaning that external observers cannot infer users’ real identities by observing the names and behaviors of users in the system.

(2) Location privacy protection: Since task executors need to perform perception tasks in specific areas, users’ location privacy must be strictly protected. That is, except for task executors and task publishers, no other entities should be able to know that the task executor has passed through that location.

(3) Data privacy protection: Apart from task publishers and task executors, no other entities inside or outside the system should obtain the content of perception data, while preventing data from being tampered with or copied by other participants.

(4) Malicious user tracking: Users who publish malicious task information or continuously submit malicious data in the system should be traceable and subject to corresponding punishment to prevent the fairness and justice of the system from being compromised.

(5) User reputation management: Users in the system have reputation attributes to record their attitudes towards participation in the system and encourage more active participation. Reputation values should not be linked to user identities, meaning that external observers cannot establish relationships between identities and usernames through changes in reputation scores and users’ participation records.

3 Conditional Distributed IoV Intelligent Perception System Architecture for Privacy Protection

3.1 Introduction to System Architecture

The centralized architecture of intelligent perception systems constantly faces the risk of single-point failure, while the trustworthiness of the platform also needs consideration[14]. The distributed system faces inflexible management capabilities, and the combination of blockchain with intelligent perception systems also introduces complexity in system operations. Based on the above analysis, to effectively overcome the shortcomings of purely centralized and purely distributed system architectures, this paper proposes a blockchain-enabled conditional distributed IoV intelligent perception architecture, providing a new solution for the future design and improvement of IoV intelligent perception systems, as shown in Figure 3.

Privacy-Safe Architecture for IoV Intelligent Perception Systems

The participating entities in the system are mainly divided into three categories: reputation management center, application platform, and participating users. The reputation management center is generally a national traffic management department or a trusted enterprise with management authority, serving as a trusted third-party management center primarily responsible for managing the reputation of participating users and detecting and tracking malicious behaviors within the system. The application platform is typically an enterprise-level application responsible for providing task display and interface functions for participating users. It also possesses sufficient computing and storage resources to check and record the status of transactions in the system and is responsible for providing a visual display interface to effectively reduce the difficulty of user operations. The application platform serves only as a display center and does not act as a data transfer and control center. The blockchain-based distributed system is responsible for recording and checking the legality and correctness of transactions between users, while the presence of the reputation management center effectively compensates for the inflexibility of management in distributed systems.

The system is primarily divided into three layers: user layer, consensus layer, and management layer. The user layer is responsible for providing interfaces for user interaction, manifested in secure interactions between users to facilitate their participation in the IoV intelligent perception system operations. The consensus layer is responsible for confirming the legality and correctness of transaction operations between users and achieving consensus and recording across the entire network, ensuring that every transaction between users is substantiated and that data security is maintained. The system includes two specially designed smart contracts: relay task contracts and specific task contracts. The relay task contract serves as a relay for users, breaking the relationship between users’ plaintext participation records and their identities and specific operations, making it impossible to trace users’ operations. The validity and correctness of operations are ensured through zero-knowledge proof. The specific task contract ensures a valid employment relationship between task publishers and task executors, allowing tasks to be conducted reasonably and compliantly. Lastly, the management layer’s authority is limited to user reputation and malicious operations. The reputation management center also does not act as a data transfer center, thus avoiding the single-point failure issues of centralized methods.

3.2 Privacy Security Protection Analysis

Based on the potential privacy threats discussed in Section 2.1 and the privacy security protection requirements in Section 2.2, we conduct a security protection analysis of the proposed conditional distributed intelligent perception system architecture.

(1) Identity privacy protection: Our proposed scheme breaks the association between the real identity of system participants and account addresses. When users participate in the system, their private keys are securely stored by the users themselves, and public keys serve as account addresses for system participation. The association between users’ identities and accounts is only stored at the trusted reputation management center. Additionally, when the reputation management center generates certificates for users to participate securely in the system, a dual commitment method is employed, ensuring the validity and correctness of identities while ensuring verifiability of transactions. Finally, using relay smart contracts ensures that external observers cannot track users’ system participation records through the plaintext records of the blockchain. In summary, apart from the reputation management center, no entity can obtain users’ real identity information, the relationship between users’ public key addresses, and their participation records, thus achieving strict identity privacy protection.

(2) Data privacy protection: The conditional distributed intelligent perception system architecture ensures that no participating entity other than task publishers can obtain the data submitted by task executors. The analysis is as follows: first, before submitting data to task publishers via the blockchain network, task executors must encrypt the data using the task publisher’s public key, ensuring that third parties cannot access the data. They also sign the encrypted data with a one-time signature public key, ensuring correct transmission and preventing tampering. Furthermore, the interaction between task publishers and task executors is not direct peer-to-peer communication; users’ operations are recorded in plain text on the blockchain, and the execution of the relay smart contract occurs in a secure sandbox environment, effectively safeguarding the security of data during relay. Finally, the certificates obtained by participating users after registration at the reputation management center can effectively verify the correctness of the data while ensuring the security of users’ personal data. Therefore, from both the perspective of transaction content and calling methods, the system can effectively ensure data privacy.

(3) Location privacy protection: The conditional distributed intelligent perception system architecture can effectively safeguard users’ location privacy, with the corresponding analysis divided into three aspects. First, adversaries may establish a relationship between users’ account addresses and real identities through physical observation, thereby analyzing users’ location privacy by retrieving participation records associated with that address. Our proposed architecture can resist such attacks; since task executors first participate in the system by invoking relay smart contracts, as long as more than one user invokes the smart contract during a consensus time slot, adversaries cannot discern users’ real identities from the invocation records and thus cannot analyze users’ travel trajectories. Second, the system can prevent location privacy threats arising from the leakage of perception data, as it can ensure the confidentiality of data, preventing third-party entities (including the reputation center) from obtaining users’ location information. Lastly, even if adversaries successfully establish a relationship between users’ identities and account addresses, users can periodically update their public key addresses to avoid such risks, making it impossible to establish associations between addresses before and after the change. Therefore, the system can effectively safeguard users’ location privacy.

(4) Effective reputation management and tracking of malicious users: Since the system architecture is based on conditional distribution, all participating users’ operations are primarily based on the peer-to-peer network of blockchain, thus exhibiting strong robustness even in the face of external network attacks. Additionally, to prevent malicious situations arising from the abuse of anonymity, the presence of the reputation management center in the network can effectively compensate for the lack of flexibility in management within distributed networks. The reputation management center is responsible only for checking users’ reputation statuses and does not have the capability to view or interfere with the normal participation of users in the system. Furthermore, the conditional distributed intelligent perception system can provide effective reputation management through a reputation update algorithm, helping task publishers accurately identify reliable users to obtain high-quality data while enabling reliable task executors to gain task execution rights in a more advantageous manner. Thus, the conditional distributed intelligent perception system can provide effective reputation management and achieve tracking of malicious users.

In summary, by adopting a combination of blockchain and reputation management centers, the characteristics of distributed and centralized systems are effectively integrated and supplemented, making data collection based on IoV intelligent perception more efficient, reliable, and secure.

4 Conclusion

The IoV intelligent perception system is an effective method to address the high-quality and large-quantity data demand issues in the future development of autonomous driving. However, it faces severe privacy and security challenges. This paper analyzes the development trends of current intelligent perception systems from both architectural and security perspectives, as well as the key issues restricting their development, and proposes a blockchain-enabled conditional distributed system architecture, analyzing its characteristics and advantages, which can provide a new idea for the subsequent development, improvement, deployment, and operation of intelligent perception systems.

★The original text was published in Mobile Communications Issue 6, 2021★

doi:10.3969/j.issn.1006-1010.2021.06.006

Classification Number: TN929.5 Document Identifier Code: A

Article Number: 1006-1010(2021)06-0037-06

Citation Format: Zhao Pinchan, Fu Yuchuan, Li Changle. Privacy-Safe Architecture for IoV Intelligent Perception Systems [J]. Mobile Communications, 2021, 45(6): 37-42.

Privacy-Safe Architecture for IoV Intelligent Perception SystemsAuthor Introduction

Zhao Pinchan (orcid.org/0000-0001-7393-5016): PhD student at Xi’an University of Electronic Science and Technology, research direction includes mobile intelligent perception, blockchain technology, and privacy protection in the Internet of Vehicles.

Fu Yuchuan: Currently a lecturer and master’s supervisor at Xi’an University of Electronic Science and Technology, research direction includes algorithm design in the Internet of Vehicles and autonomous driving.

Li Changle: Currently a professor and doctoral supervisor at Xi’an University of Electronic Science and Technology, research direction includes intelligent transportation systems, mobile self-organizing networks in the Internet of Vehicles, and wireless sensors.

The submission method for Mobile Communications is online submission

Please log in to the web submission system

Link address:http://ydtx.cbpt.cnki.net

Privacy-Safe Architecture for IoV Intelligent Perception SystemsPrivacy-Safe Architecture for IoV Intelligent Perception Systems

Scan to follow

Latest updates from Mobile Communications

Previous highlights▼19 articles! “6G Special” papers are here《Mobile Communications》2022 Special Call for Papers plan 【2021 Issue 5】 “Integration of Air, Land, Sea” special papers (14 articles) 【Review】 5G Network Innovation Seminar (2021) successfully held in Beijing 【Link】《Mobile Communications》2021 issues 1-4 special paper collection highlights!2020 full 12 issues paper collection link“6G Special Issue” launched with great fanfare / Contents of Issue 6, 2020

《Mobile Communications》 magazine is supervised by China Electronics Technology Group Corporation and hosted by the Seventh Research Institute of China Electronics Technology Group Corporation. It is a core journal of Chinese science and technology, a “dual effect journal” in the Chinese journal matrix, a fine electronic journal of the Ministry of Industry and Information Technology, an excellent journal in Guangdong Province, and a source journal for Chinese scientific and technological papers. Domestic continuous publication number: CN44-1301/TN, International continuous publication number: ISSN1006-1010, postal issuance code: 46-181.

Privacy-Safe Architecture for IoV Intelligent Perception Systems

Leave a Comment