Abstract
With the fast development of e-commerce, there is a higher demand for timely delivery. Logistic companies want to send receivers a more accurate arrival prediction to improve customer satisfaction and lower customer retention costs. One approach is to share (near) real-time location data with recipients, but this also introduces privacy and security issues such as malicious tracking and theft. In this paper, we propose a privacy-preserving real-time location sharing system including (1) a differential privacy based location publishing method and (2) location sharing protocols for both centralized and decentralized platforms. Unlike existing location perturbation solutions, which consider privacy only in theory, our location publishing method is based on a real map and on different privacy levels for recipients. Our analyses and proofs show that the proposed location publishing method provides better privacy protection than existing works under real maps against possible attacks. We also provide a detailed analysis of the choice of the privacy parameter and its impact on the suggested noisy location outputs. The experimental results demonstrate that our proposed method is feasible for both centralized and decentralized systems and can provide more precise arrival prediction than using time slots in current delivery systems.
References
Agatz, N.A.H., Campbell, A.M., Fleischmann, M., Savelsbergh, M.W.P.: Time slot management in attended home delivery. Transp. Sci. 45(3), 435–449 (2011). https://doi.org/10.1287/trsc.1100.0346
Andrés, M.E., Bordenabe, N.E., Chatzikokolakis, K., Palamidessi, C.: Geo-indistinguishability: differential privacy for location-based systems. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 901–914. ACM (2013). https://doi.org/10.1145/2508859.2516735
Auditshipment: The true cost of package delivery delays (2021). https://www.auditshipment.com/blog/the-true-cost-of-package-delivery-delays/. Accessed 7 Nov 2021
Branch, A.E.: Global Supply Chain Management and International Logistics. Routledge, Abingdon (2008)
Brunswicker, S., Van de Vrande, V.: Exploring open innovation in small and medium-sized enterprises. New Front. Open Innov. 1, 135–156 (2014)
DHL: Parcel delivery in real time (2021). https://www.dhl.de/en/privatkunden/pakete-empfangen/sendungen-verfolgen/live-tracking.html. Accessed 07 Jan 2022
Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1
Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_14
Dwork, C., Naor, M., Pitassi, T., Rothblum, G.N.: Differential privacy under continual observation. In: Schulman, L.J. (ed.) STOC 2010, pp. 715–724. ACM (2010). https://doi.org/10.1145/1806689.1806787
Dwork, C., Roth, A.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9(3–4), 211–407 (2014). https://doi.org/10.1561/0400000042
Van den Engel, A., Prummel, E.: Organised theft of commercial vehicles and their loads in the European union. European Parliament. Directorate General Internal Policies of the Union. Policy Department Structural and Cohesion Policies. Transport and Tourism, Brussels (2007)
Fang, C., Chang, E.: Differential privacy with \(\delta \)-neighbourhood for spatial and dynamic datasets. In: Moriai, S., Jaeger, T., Sakurai, K. (eds.) ASIA CCS 2014, pp. 159–170. ACM (2014). https://doi.org/10.1145/2590296.2590320
Grmiling, M.: How real time tracking can improve logistics (2021). https://www.hublock.io/how-real-time-tracking-can-improve-logistics/. Accessed 17 Nov 2021
Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2006). https://doi.org/10.1007/b97644
Harnsamut, N., Natwichai, J., Riyana, S.: Privacy preservation for trajectory data publishing by look-up table generalization. In: Wang, J., Cong, G., Chen, J., Qi, J. (eds.) ADC 2018. LNCS, vol. 10837, pp. 15–27. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92013-9_2
Hayashida, S., Amagata, D., Hara, T., Xie, X.: Dummy generation based on user-movement estimation for location privacy protection. IEEE Access 6, 22958–22969 (2018). https://doi.org/10.1109/ACCESS.2018.2829898
Hitaj, B., Ateniese, G., Pérez-Cruz, F.: Deep models under the GAN: information leakage from collaborative deep learning. In: Thuraisingham, B., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 603–618. ACM (2017). https://doi.org/10.1145/3133956.3134012
ISO: ISO/IEC 11770-2:2008, Information technology – Security techniques – Key Management – Part 2: Mechanisms using Symmetric Techniques (2009)
Jiang, H., Li, J., Zhao, P., Zeng, F., Xiao, Z., Iyengar, A.: Location privacy-preserving mechanisms in location-based services: a comprehensive survey. ACM Comput. Surv. 54(1), 4:1–4:36 (2022). https://doi.org/10.1145/3423165
Kairouz, P., Oh, S., Viswanath, P.: The composition theorem for differential privacy. In: Bach, F.R., Blei, D.M. (eds.) ICML 2015. JMLR Workshop and Conference Proceedings, vol. 37, pp. 1376–1385. JMLR.org (2015). http://proceedings.mlr.press/v37/kairouz15.html
Kellaris, G., Papadopoulos, S., Xiao, X., Papadias, D.: Differentially private event sequences over infinite streams. Proc. VLDB Endow. 7(12), 1155–1166 (2014). https://doi.org/10.14778/2732977.2732989
Maouchi, M.E., Ersoy, O., Erkin, Z.: DECOUPLES: a decentralized, unlinkable and privacy-preserving traceability system for the supply chain. In: Hung, C., Papadopoulos, G.A. (eds.) SAC 2019, pp. 364–373. ACM (2019). https://doi.org/10.1145/3297280.3297318
McSherry, F.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Çetintemel, U., Zdonik, S.B., Kossmann, D., Tatbul, N. (eds.) SIGMOD 2009, pp. 19–30. ACM (2009). https://doi.org/10.1145/1559845.1559850
Moriarty, K.M., Kaliski, B., Rusch, A.: PKCS #5: password-based cryptography specification version 2.1. RFC 8018, 1–40 (2017). https://doi.org/10.17487/RFC8018
Saberi, S., Kouhizadeh, M., Sarkis, J., Shen, L.: Blockchain technology and its relationships to sustainable supply chain management. Int. J. Prod. Res. 57(7), 2117–2135 (2019). https://doi.org/10.1080/00207543.2018.1533261
Sahai, S., Singh, N., Dayama, P.: Enabling privacy and traceability in supply chains using blockchain and zero knowledge proofs. In: Blockchain 2020, pp. 134–143. IEEE (2020). https://doi.org/10.1109/Blockchain50366.2020.00024
Savona, E.U.: Organised property crime in the EU. European Parliament. Directorate General for Internal Policies. Policy Department for Citizens’ Rights and Constitutional Affairs (2020)
Seres, I.A., Nagy, D.A., Buckland, C., Burcsi, P.: MixEth: efficient, trustless coin mixing service for Ethereum. Cryptology ePrint Archive, Report 2019/341 (2019)
Sezer, B.B., Topal, S., Nuriyev, U.: An auditability, transparent, and privacy-preserving for supply chain traceability based on blockchain. CoRR abs/2103.10519 (2021). https://arxiv.org/abs/2103.10519
Shoup, V.: A proposal for an ISO standard for public key encryption. IACR Cryptol. ePrint Arch, p. 112 (2001). http://eprint.iacr.org/2001/112
Singh, A., Click, K., Parizi, R.M., Zhang, Q., Dehghantanha, A., Choo, K.R.: Sidechain technologies in blockchain networks: an examination and state-of-the-art review. J. Netw. Comput. Appl. 149 (2020). https://doi.org/10.1016/j.jnca.2019.102471
Terrovitis, M., Poulis, G., Mamoulis, N., Skiadopoulos, S.: Local suppression and splitting techniques for privacy preserving publication of trajectories. IEEE Trans. Knowl. Data Eng. 29(7), 1466–1479 (2017). https://doi.org/10.1109/TKDE.2017.2675420
Wang, H., Xu, Z.: CTS-DP: publishing correlated time-series data via differential privacy. Knowl. Based Syst. 122, 167–179 (2017). https://doi.org/10.1016/j.knosys.2017.02.004
Wong, L., Leong, L., Hew, J., Tan, G.W., Ooi, K.: Time to seize the digital evolution: adoption of blockchain in operations and supply chain management among Malaysian SMEs. Int. J. Inf. Manag. 52, 101997 (2020). https://doi.org/10.1016/j.ijinfomgt.2019.08.005
Xiao, Y., Xiong, L.: Protecting locations with differential privacy under temporal correlations. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1298–1309. ACM (2015). https://doi.org/10.1145/2810103.2813640
Xiong, P., Zhu, T., Pan, L., Niu, W., Li, G.: Privacy preserving in location data release: a differential privacy approach. In: Pham, D.-N., Park, S.-B. (eds.) PRICAI 2014. LNCS (LNAI), vol. 8862, pp. 183–195. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13560-1_15
Zheng, Y., Zhang, L., Xie, X., Ma, W.: Mining interesting locations and travel sequences from GPS trajectories. In: Quemada, J., León, G., Maarek, Y.S., Nejdl, W. (eds.) WWW 2009, pp. 791–800. ACM (2009). https://doi.org/10.1145/1526709.1526816
A Deferred Proofs and Figures
A.1 Proof for Lemma 2
Lemma 2 (Anonymity and unlinkability). A PPT adversary \(\mathcal {A}\) cannot derive the receiver of a stealth address or distinguish the receivers of two different stealth addresses in Protocol 3.
Proof
Assume that a PPT adversary \(\mathcal {A}\) holds a stealth address (P, R), the value \(p_{id}\), and a list of tuples \((TK_{i,p_{id}}, K_{b_i})\). To identify the receiver, \(\mathcal {A}\) needs to compute \(P^\prime = H_s(rTK_{i,p_{id}})G + K_{b_i}\) such that \(P^\prime = P\). To find such a \(P^\prime \), \(\mathcal {A}\) needs to compute \(P-K_{b_i} = H_s(rTK_{i,p_{id}})G\). Because of the one-wayness of the ECDLP, it is computationally infeasible to recover \(H_s(rTK_{i,p_{id}})\) from this point. And since \(\mathcal {A}\) does not know the secret value r, he cannot construct \(P^\prime = H_s(rTK_{i,p_{id}})G + K_{b_i}\) himself. Therefore, it is infeasible for \(\mathcal {A}\) to derive the receiver of (P, R).
Similarly, assume that \(\mathcal {A}\) gets two stealth addresses \((P_1,R_1)\) and \((P_2, R_2)\), \(\mathcal {A}\) needs to distinguish the following two scenarios: (1) two stealth addresses belong to the same receiver, and (2) two stealth addresses belong to two different receivers. For scenario (1), \(\mathcal {A}\) computes \(P_1 - P_2\) as:
Since the adversary \(\mathcal {A}\) does not hold \(p_{id1}, p_{id2}\) and r, \((H_s(rTK_{p_{id1}}) - H_s(rTK_{p_{id2}}))\) is a secret value x for him. For scenario (2), \(\mathcal {A}\) computes \(P_1 - P_2\) as:
The adversary \(\mathcal {A}\) does not hold \(p_{id1},\ p_{id2},\ r_1,\ r_2\), so \((H_s(r_1TK_{p_{id1}}) - H_s(r_2TK_{p_{id2}}) + K_{b_1} - K_{b_2})G\) is a secret for \(\mathcal {A}\).
In both scenarios, the adversary \(\mathcal {A}\) cannot derive the secret value. Given two different stealth addresses, it is therefore computationally infeasible for \(\mathcal {A}\) to distinguish whether they belong to the same receiver or to different receivers.
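To make the algebra in this proof concrete, the following is an added example (not code from the paper or from Protocol 3) that implements the stealth address construction the proof reasons about. It assumes, as the proof's notation suggests, that the receiver publishes a tracking public key \(TK = tk \cdot G\) and a spend public key \(K_b = k_b \cdot G\), that the sender picks a fresh secret r and publishes \(R = rG\) next to \(P = H_s(rTK)G + K_b\), and that only the holder of tk can recompute \(rTK\) as \(tk \cdot R\). The curve (secp256k1), the SHA-256 instantiation of \(H_s\), the single-key simplification (the \(i, p_{id}\) indices are dropped) and all scalar values are assumptions of this example, not parameters from the paper.

```python
import hashlib

# secp256k1 domain parameters (standard constants; the paper names no curve,
# so this choice is an assumption of the example).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    acc, addend = None, point
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def ec_neg(point):
    x, y = point
    return (x, (-y) % P)


def H_s(point):
    """H_s: hash a curve point to a non-zero scalar mod N (SHA-256 is an assumed instantiation)."""
    x, y = point
    digest = hashlib.sha256(x.to_bytes(32, "big") + y.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % N or 1


def receiver_keys(tk, kb):
    """Receiver publishes TK = tk*G (tracking key) and K_b = kb*G (spend key)."""
    return ec_mul(tk, G), ec_mul(kb, G)


def make_stealth_address(r, TK, K_b):
    """Sender: one-time address P = H_s(r*TK)*G + K_b, published together with R = r*G."""
    P_addr = ec_add(ec_mul(H_s(ec_mul(r, TK)), G), K_b)
    return P_addr, ec_mul(r, G)


def receiver_owns(tk, K_b, P_addr, R):
    """Receiver: tk*R == r*TK, so only the tracking-key holder can rebuild and match P."""
    return ec_add(ec_mul(H_s(ec_mul(tk, R)), G), K_b) == P_addr


def derive_spend_key(tk, kb, R):
    """Private key for P: x = H_s(tk*R) + kb mod N, so that x*G == P."""
    return (H_s(ec_mul(tk, R)) + kb) % N


def demo():
    """Constructed scalars (not from the paper) walking through the two scenarios of Lemma 2."""
    tk, kb = 0x1111222233334444, 0x5555666677778888        # receiver 1
    tk2, kb2 = 0x9999AAAABBBBCCCC, 0xDDDDEEEE0F0F1A1A      # receiver 2
    TK, K_b = receiver_keys(tk, kb)
    TK2, K_b2 = receiver_keys(tk2, kb2)
    r1, r2, r3 = 0x24681357, 0x13572468, 0xABCDEF01       # fresh sender secrets per parcel
    P1, R1 = make_stealth_address(r1, TK, K_b)            # two parcels for receiver 1 ...
    P2, R2 = make_stealth_address(r2, TK, K_b)
    P3, R3 = make_stealth_address(r3, TK2, K_b2)          # ... and one for receiver 2
    # The quantity an outsider would have to invert: P - K_b = H_s(r*TK)*G (an ECDLP instance).
    algebra_holds = ec_add(P1, ec_neg(K_b)) == ec_mul(H_s(ec_mul(r1, TK)), G)
    return {
        "owner_recognises": receiver_owns(tk, K_b, P1, R1),
        "other_receiver_rejects": receiver_owns(tk2, K_b2, P1, R1),
        "same_receiver_addresses_differ": P1 != P2,       # scenario (1): fresh r, fresh P
        "different_receivers_differ": P1 != P3,           # scenario (2)
        "spend_key_matches": ec_mul(derive_spend_key(tk, kb, R1), G) == P1,
        "proof_algebra_holds": algebra_holds,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `proof_algebra_holds` check reproduces the step \(P - K_{b_i} = H_s(rTK_{i,p_{id}})G\): an adversary holding the published key list can compute that point, but turning it back into the scalar \(H_s(rTK)\) is a discrete-logarithm problem, and without r the adversary cannot rebuild the point from the other side either, which is exactly the two-pronged argument above.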
A.2 Proof of Lower Storage Cost
Lemma 3
The proposed encryption method has lower storage costs than DECOUPLES [22].
Proof
The space cost for only using ECIES is \(S_{ECIES} = N_{P}(e+(p,r))\). To compare the space cost of the encryption algorithm S and \(S_{ECIES}\), we compute \(S - S_{ECIES}\) as follows:
Since many products share the same location, we have \(N_{L} < N_{P}\). If \(e > k_{SE}\) (the size of the encrypted data is larger than the size of the symmetric key), we get \(S-S_{ECIES} < 0\). Our encryption method therefore requires less storage than using ECIES alone.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Li, T., Xu, L., Erkin, Z., Lagendijk, R.L. (2024). Trajectory Hiding and Sharing for Supply Chains with Differential Privacy. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14345. Springer, Cham. https://doi.org/10.1007/978-3-031-51476-0_15
DOI: https://doi.org/10.1007/978-3-031-51476-0_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51475-3
Online ISBN: 978-3-031-51476-0