On Non-cooperative Location Privacy: A Game-theoretic Analysis
In mobile networks, authentication is a required primitive of the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile nodes collectively change their pseudonyms in regions called mix zones. Because this approach is costly, self-interested mobile nodes might decide not to cooperate and could thus jeopardize the achievable location privacy. In this paper, we analyze the non-cooperative behavior of mobile nodes with a game-theoretic model, where each player aims at maximizing its location privacy at a minimum cost. We first analyze the Nash equilibria in $n$-player complete information games. Because mobile nodes in a privacy-sensitive system do not know their opponents' payoffs, we then consider incomplete information games. We establish that symmetric Bayesian-Nash equilibria exist with simple threshold strategies in $n$-player games and derive the equilibrium strategies. By means of numerical results, we show that mobile nodes become selfish when the cost of changing pseudonym is small, whereas they cooperate more when the cost of changing pseudonym increases. Finally, we design a protocol - the PseudoGame protocol - based on the results of our analysis.
FreudigerMHP2009.pdf
openaccess
632.05 KB
Adobe PDF
8779bb59bd3a64cf5f8afdb4fa3cd3cf
FreudigerMHPCCS2009.pptx
openaccess
1.87 MB
Microsoft Powerpoint XML
869deffa42da77979f50f28d47e8243a