
A privacy preserving querying mechanism with high utility for electric vehicles

Ugur Ilker Atmaca, Sayan Biswas, Carsten Maple, Catuscia Palamidessi

TL;DR

This paper addresses the privacy risks of EVs querying charging stations during journeys. It introduces Approximate Geo-Indistinguishability (AGeoI), a formal, bounded-utility extension of Geo-Indistinguishability tailored to road networks, coupled with dummy location generation and an Iterative Bayesian Update (IBU) to infer live charging-station occupancy without revealing individual query locations. The authors prove compositionality for AGeoI, derive a truncated-Laplace mechanism that satisfies $(\epsilon,\delta)$-AGeoI, and design a three-tier IoV architecture (Vehicle, Edge, Cloud) with a third-party CS provider to enable private, real-time route planning. Experimental results on real SF road-data show that a large majority of EVs achieve privacy with minimal or zero additional travel cost, and IBU can accurately predict CS occupancy, supporting practical, privacy-preserving journey planning.

Abstract

Electric vehicles (EVs) are gaining popularity due to growing awareness of the need for a sustainable future. However, since there are disproportionately fewer charging stations than EVs, range anxiety plays a major role in the rise in the number of queries made along journeys to find an available charging station. On the other hand, the use of personal data in various types of analytics is increasing at an unprecedented rate; hence, the risks of privacy violation are also surging. Geo-indistinguishability is one of the standards for formalising location privacy, as a generalisation of local differential privacy. However, the noise has to be carefully calibrated considering the implications of potential utility loss. In this paper, we introduce approximate geo-indistinguishability (AGeoI), which allows EVs to obfuscate their individual query locations while ensuring that they remain within their preferred area of interest. This is vital because journeys are often sensitive to a sharp drop in QoS, which carries a high cost for the extra distance to be covered. We apply AGeoI and dummy data generation to protect the privacy of EVs during their journeys and preserve the QoS. Analytical insights and experiments are used to demonstrate that a very high percentage of EVs get privacy for free and that the utility loss caused by the privacy gain is minuscule. Using the iterative Bayesian update, our method allows for a private and highly accurate prediction of charging station occupancy without disclosing query locations and vehicle trajectories, which is vital in unprecedented traffic congestion scenarios and for efficient route planning.

Paper Structure (24 sections, 5 theorems, 12 equations, 9 figures, 1 table, 2 algorithms)

Key Result

Theorem 4.1

[Compositionality Theorem for AGeoI] Let mechanisms $\mathcal{K}_1$ and $\mathcal{K}_2$ be $(\epsilon_1,\,\delta_1)$ and $(\epsilon_2,\,\delta_2)$ geo-indistinguishable, respectively. Then their composition is $(\epsilon_1+\epsilon_2,\,\delta_1+\delta_2)$-geo-indistinguishable. In other words, for e
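Added example (not code from the paper or its authors): a discrete toy version of the mechanism, of the compositionality theorem above, and of the iterative Bayesian update described in the abstract. It assumes a ring road of $N$ nodes, a truncated geometric mechanism as a stand-in for the paper's truncated Laplace mechanism, and that $(\epsilon,\delta)$-AGeoI takes the usual approximate form $P(K(x)\in S) \le e^{\epsilon d(x,x')} P(K(x')\in S) + \delta$; the $\delta$ computed per distance shows that the bounded-utility mechanism protects nearby locations strongly and distant ones weakly, that composed reports stay within $(\epsilon_1+\epsilon_2,\,\delta_1+\delta_2)$, and that IBU recovers charging demand from the privatised reports alone.

```python
import math
import random

# Constructed toy model, not the paper's code: a ring road of N nodes; a query location x is
# privatised by a truncated geometric mechanism that never reports more than R hops away (the
# EV's area of interest), a discrete stand-in for the paper's truncated Laplace mechanism.
N, R = 12, 3

def dist(a, b, n=N):
    return min((a - b) % n, (b - a) % n)
def channel(eps, r=R, n=N):
    """C[x] maps report y to P(y | true x) ∝ exp(-eps*d(x,y)), zero beyond r hops."""
    C = []
    for x in range(n):
        w = {y: math.exp(-eps * dist(x, y)) for y in range(n) if dist(x, y) <= r}
        C.append({y: v / sum(w.values()) for y, v in w.items()})
    return C
def compose(C1, C2, n=N):
    """Joint channel when the same x is reported through K1 and K2 independently."""
    return [{(a, b): p * q for a, p in C1[x].items() for b, q in C2[x].items()} for x in range(n)]
def delta_by_distance(C, eps, n=N):
    """Smallest delta per distance d with P(K(x) in S) <= e^{eps*d} P(K(x') in S) + delta (assumed form)."""
    out = {}
    for x in range(n):
        for x2 in (z for z in range(n) if z != x):
            d = dist(x, x2)  # the worst S is {y : C[x][y] > e^{eps*d} C[x2][y]}
            slack = sum(max(0.0, p - math.exp(eps * d) * C[x2].get(y, 0.0)) for y, p in C[x].items())
            out[d] = max(out.get(d, 0.0), slack)
    return out
def ibu(C, reports, iters=200, n=N):
    """Iterative Bayesian update: recover the true query-location distribution from privatised reports only."""
    q = [reports.count(y) / len(reports) for y in range(n)]  # histogram of what was reported
    theta = [1.0 / n] * n
    for _ in range(iters):
        new = [0.0] * n
        for y in range(n):
            norm = sum(C[x].get(y, 0.0) * theta[x] for x in range(n)) or 1.0
            for x in range(n):
                new[x] += q[y] * C[x].get(y, 0.0) * theta[x] / norm
        theta = new
    return theta
def simulate(eps=0.7, m=4000, seed=1):
    """Constructed demand (half the queries at node 2, half at node 8): TV error of raw histogram vs. IBU estimate."""
    rng, C, truth = random.Random(seed), channel(eps), [0.0] * N
    truth[2] = truth[8] = 0.5
    reports = [rng.choices(*zip(*C[2 if rng.random() < 0.5 else 8].items()))[0] for _ in range(m)]
    tv = lambda p: 0.5 * sum(abs(a - b) for a, b in zip(p, truth))
    return tv([reports.count(y) / m for y in range(N)]), tv(ibu(C, reports))
```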

Figures (9)

  • Figure 1: System Architecture (EV:Electric Vehicle, RSU: Roadside Unit, MEC: Mobile-Edge Computing Unit)
  • Figure 2: Reported dummy and privatised locations for two respective time windows (White Pins: Privatised locations, Orange Pins: Dummy locations in $1^{\text{st}}$ Time window, Blue Pins: Dummy locations in $2^{\text{nd}}$ Time window)
  • Figure 3: A toy example for a static location query on discrete road network
  • Figure 4: A toy example for linked 3 location queries on discrete road network
  • Figure 5: CoS for varying $\epsilon$ or $r$ of AGeoI ($1^{\text{st}}$ row is for sparse CSs, $2^{\text{nd}}$ row is for dense CSs)
  • ...and 4 more figures

Theorems & Definitions (20)

  • Definition 3.1: Differential privacy [DworkDP1, DworkDP2]
  • Definition 3.2: Local differential privacy [DuchiLDP]
  • Definition 3.3: Geo-indistinguishability [AndresKostasCatuscia_GeoInd]
  • Definition 3.4: Iterative Bayesian update [AgarwalIBU]
  • Definition 4.1: Approximate geo-indistinguishability
  • Theorem 4.1
  • proof
  • Definition 4.2: Truncated Laplace mechanism
  • Lemma 4.1
  • proof
  • ...and 10 more