Resumen de Privacy-preserving protocols for vehicular transport systems

Ricard Borges Llorens

• Nowadays, the use of smart devices connected to the Internet by most of the population is a reality. In an e-society, most transactions and procedures can be performed digitally. This provides several benefits to the society to which we belong. Nevertheless, new challenges to overcome have appeared.

  This thesis is focused on the privacy of citizens while using vehicular transport systems within an e-society frame. Specifically, the thesis contributes to two subcategories. The first one refers to pay-by-phone systems for parking vehicles in regulated public areas. The second one is about the use of e-tickets in public transport systems allowing transfers between connecting lines.

  Traditionally, payment systems for regulated public parking areas have been based on the use of pay and display machines. The customer purchases a ticket from a machine and displays it on the dashboard of the car. Tickets are usually acquired by inserting coins into the pay station so that the identity of customers is not revealed. Nowadays, several apps running on the smartphone of customers are available for making this type of payments. The digitization of this process involves the automatic collection of data about all the parking transactions performed by all the users which could be used to deduce sensitive information about people's mobility.

  Public transport systems with transfers between connecting lines are based on the reusability of tickets in a limited way during an established period of time. There are several proposals allowing users to purchase one-use e-tickets that guarantee the privacy of users. Current proposals allowing reusability are not adequate when in-situ inspections are possible. After an inspection, all the details about user's journey can be linked and deanonymized.

  A careful analysis of data collected by service providers can provide sensitive personal information such as: work schedule, profession, hobbies, health problems, political tendencies, sexual inclinations, etc. Although the law, like the European GDPR, requires the correct use of the data collected by service providers, data can be used for illegal purposes after being stolen as a result of a cyber-attack or after being leaked by an internal dishonest employee. Therefore, the design of privacy-preserving solutions for mobility-based services is mandatory in the e-society.