Today, many modern cities adopt online smart parking services as best practices. Citizens can easily access these services using their smartphones or the infotainment panels in their cars. These services' primary objective is to give drivers the ability to quickly identify free parking slots, which should reduce parking time, save fuel, and relieve traffic in urban areas. However, the privacy offered by these services should be comparable to that of the standard paper-based parking solutions offered by parking ticket machines. On the other hand, a privacy-preserving smart parking service's design may raise a number of issues, including how to prevent double or multiple uses of parking tickets, how to prevent user tracking and profiling, how to revoke malicious users, how to handle data statistics without violating users' privacy, and how to comply with regulations like the General Data Protection Regulation (GDPR). In this article, we present multidisciplinary research on a comprehensive vehicle parking system that protects users' privacy. The research includes a range of topics, from the examination of regulatory compliance to the design of privacy-preserving parking registration and vehicle parking services to the implementation of privacy-preserving parking data processing features for data analysts. We provide a security analysis of our concept as well as several experimental results.

Department of Telecommunications Brno University of Technology Brno Czech Republic

Institute of Computer Science University of Tartu Tartu Estonia

IT for Innovative Services Department Luxembourg Institute of Science and Technology Luxembourg

Samovar Télécom SudParis Institut Polytechnique de Paris Paris France

University of Namur Namur Belgium

Zobrazit více v PubMed

Abe M, Okamoto T. Provably secure partially blind signatures. Annual international cryptology conference; Cham. 2000. pp. 271–286.

Al Amiri W, Baza M, Banawan K, Mahmoud M, Alasmary W, Akkaya K. Privacy-preserving smart parking system using blockchain and private information retrieval. 2019 international conference on smart applications, communications and networking (SmartNets); Piscataway. 2019. pp. 1–6.

Al-Turjman F, Malekloo A. Smart parking in IoT-enabled cities: a survey. Sustainable Cities and Society; 2019. p. 101608. DOI

Al-Turjman F, Zahmatkesh H, Shahroze R. An overview of security and privacy in smart cities’ IoT communications. Transactions on Emerging Telecommunications Technologies. 2019;33(3):e3677

Andrés ME, Bordenabe NE, Chatzikokolakis K, Palamidessi C. Geo-indistinguishability: differential privacy for location-based systems. Proceedings of the 2013 ACM SIGSAC conference on computer & communications security; 2013. pp. 901–914.

Batura O, Regeczi D, Vassilev A, Yagafarova A, Bani E, Bonneau V, Jacques F, De Streel A. European Union, BrusselArtificial intelligence in road transport: annex to cost of non-Europe report. 2021:60–63.

Beale H. Digital content directive and rules for contracts on continuous supply. Journal of Intellectual Property, Information Technology and Electronic Commerce Law. 2021;12:96.

Belenkiy M, Camenisch J, Chase M, Kohlweiss M, Lysyanskaya A, Shacham H. Randomizable proofs and delegatable anonymous credentials. Annual international cryptology conference; Cham. 2009. pp. 108–125.

Biryukov A, Tikhomirov S. Security and privacy of mobile wallet users in Bitcoin, Dash, Monero, and Zcash. Pervasive and Mobile Computing. 2019;59:101030. doi: 10.1016/j.pmcj.2019.101030. DOI

Bittner O, Krachenfels T, Galauner A, Seifert J-P. The forgotten threat of voltage glitching: a case study on Nvidia Tegra X2 SoCs. Fault Diagnosis and Tolerance in Cryptography 20212108.06131

Boneh D, Boyen X. Short signatures without random oracles and the SDH assumption in bilinear groups. Journal of Cryptology; 2008. pp. 149–177. DOI

Borges R, Sebé F. Parking tickets for privacy-preserving pay-by-phone parking. Proceedings of the 18th ACM workshop on privacy in the electronic society; 2019. pp. 130–134.

Borges R, Sebé F. An efficient privacy-preserving pay-by-phone system for regulated parking areas. International Journal of Information Security; 2021. pp. 715–727. DOI

Camenisch J, Drijvers M, Hajny J. Scalable revocation scheme for anonymous credentials based on n-times unlinkable proofs. Proceedings of the 2016 ACM on workshop on privacy in the electronic society; Cham. 2016. pp. 123–133.

Camenisch J, Stadler M. Efficient group signature schemes for large groups. Annual international cryptology conference; Cham. 1997. pp. 410–424.

Carvalho JM. Sale of goods and supply of digital content and digital services –overview of directives 2019/770 and 2019/771. Journal of European Consumer and Market Law. 2019;8(5):194–201.

Cäsar M, Pawelke T, Steffan J, Terhorst G. A survey on Bluetooth Low Energy security and privacy. Computer Network; 2022. p. 108712. DOI

Chatzigiannakis I, Vitaletti A, Pyrgelis A. A privacy-preserving smart parking system using an IoT elliptic curve based security platform. Computer Communications. 2016;89:165–177.

Chaum D. Blind signatures for untraceable payments. Advances in cryptology; Cham. 1983. pp. 199–203.

Dingledine R, Mathewson N, Syverson P. Tor: the second-generation onion router. Naval Research Lab, Washington, D.C.Technical report. 2004

Duffield E, Diaz D. Dash: a privacycentric cryptocurrency 2015.

Dumortier F. La sécurité des traitements de données, les analyses d’impact et les violations de données. In: de Terangne et K. Rosier C, editor. Le règlement général sur la protection des données (RGPD/GDPR) Analyse approfondie. Larcier; 2018. pp. 234–240.

Dzurenda P, Tafalla CA, Ricci S, Malina L. Privacy-preserving online parking based on smart contracts. The 16th international conference on availability, reliability and security; 2021. pp. 1–10.

EC General safety regulation –secondary legislation 2021.

EDPB Guidelines 01/2020 on processing personal data in the context of connected vehicles and mobility related applications 2020.

EDPD Guidelines 4/2019 on Article 25 data protection by design and by default 2019.

EDPD Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications) 2020.

ENISA Cyber security and resilience of smart cars 2016.

ENISA Recommendations for the security of connected and automated mobility 2021.

EU Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport 2010.

EU Regulation (EU) 2016/679 of the European Parlament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 2016.

EU Directive 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services 2019a.

EU Directive (EU) 2019/771 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the sale of goods, amending Regulation (EU) 2017/2394 and Directive 2009/22/EC, and repealing Directive 1999/44/EC 2019b.

EU Regulation (EU) 2019/2144 of the European Parliament and of the Council of 27 November 2019 on type-approval requirements for motor vehicles and their trailers, and systems, components and separate technical units intended for such vehicles, as regards their general safety and the protection of vehicle occupants and vulnerable road users, amending Regulation (EU) 2018/858 of the European Parliament and of the Council and repealing Regulations (EC) No 78/2009, (EC) No 79/2009 and (EC) No 661/2009 of the European Parliament and of the Council and Commission Regulations (EC) No 631/2009, (EU) No 406/2010, (EU) No 672/2010, (EU) No 1003/2010, (EU) No 1005/2010, (EU) No 1008/2010, (EU) No 1009/2010, (EU) No 19/2011, (EU) No 109/2011, (EU) No 458/2011, (EU) No 65/2012, (EU) No 130/2012, (EU) No 347/2012, (EU) No 351/2012, (EU) No 1230/2012 and (EU) 2015/166 (Text with EEA relevance) 2019c.

Fang Y, Zhao Y, Yu Y, Zhu H, Du X, Guizani M. Blockchain-based privacy-preserving valet parking for self-driving vehicles. Transactions on Emerging Telecommunications Technologies; 2021. e4239

Fiat A, Shamir A. How to prove yourself: practical solutions to identification and signature problems. Conference on the theory and application of cryptographic techniques; Cham. 1986. pp. 186–194.

Gan Q, Zuo C, Wang J, Sun S-F, Wang X. Dynamic searchable symmetric encryption with forward and backward privacy: a survey. Network and System Security; Cham. 2019. pp. 37–52.

Garra R, Martínez S, Sebé F. A privacy-preserving pay-by-phone parking system. IEEE Transactions on Vehicular Technology; 2016. pp. 5697–5706.

Goldstein F. Understanding the UNECE WP.29 Cybersecurity Regulation (CSMS) https://upstream.auto/blog/understanding-the-unece-wp-29-cybersecurity-regulation/ 2020

Hajny J, Dzurenda P, Malina L, Ricci S. Anonymous data collection scheme from short group signatures. ICETE (2); 2018. pp. 366–375.

Hajn J, Dzurenda P, Casanova Marqus R, Malina L. Privacy ABCs: now ready for your wallets!. Proceedings of The 19th international conference on pervasive computing and communications (IEEE PerCom 2021); Piscataway. 2021. pp. 686–691.

Huang C, Lu R, Lin X, Shen X. Secure automated valet parking: a privacy-preserving reservation scheme for autonomous vehicles. IEEE Transactions on Vehicular Technology; 2018. pp. 11169–11180. DOI

Kamara S. Encrypted Search. XRDS; 2015. p. 3034. DOI

Kamara S, Moataz T. Boolean searchable symmetric encryption with worst-case sub-linear complexity. Annual international conference on the theory and applications of cryptographic techniques; Cham. 2017. pp. 94–124.

Kappos G, Yousaf H, Maller M, Meiklejohn S. An empirical analysis of anonymity in zcash. 27th {USENIX} security symposium ({USENIX} security 18); 2018. pp. 463–477.

Khalid M, Wang K, Aslam N, Cao Y, Ahmad N, Khan MK. From smart parking towards autonomous valet parking: a survey, challenges and future Works. Journal of Network and Computer Applications. 2021;175:102935. doi: 10.1016/j.jnca.2020.102935. DOI

Knockaert M, Laurent M, Malina L, Matulevicius R, Petrocchi M, Seeba M, Tang Q, Tasidou A, Tom J. Privacy-by-design in intelligent infrastructures. Deep diving into data protection: 1979-2019: celebrating 40 years of research on privacy data protection at the CRID; 2021. pp. 309–343.

Li Z, Alazab M, Garg S, Hossain MS. PriParkRec: privacy-preserving decentralized parking recommendation service. IEEE Transactions on Vehicular Technology. 2021;70(5):4037–4050. doi: 10.1109/TVT.2021.3074820. DOI

Libert B, Vergnaud D. Multi-use unidirectional proxy re-signatures. Proceedings of the 15th ACM conference on Computer and communications security; 2008. pp. 511–520.

Losavio MM, Chow K, Koltay A, James J. The internet of things and the smart city: legal challenges with digital forensics, privacy, and security. Security and Privacy. 2018;1(3):e23. doi: 10.1002/spy2.23. DOI

Martínez-Ballesté A, Pérez-Martínez PA, Solanas A. The pursuit of citizens’ privacy: a privacy-aware smart city is possible. IEEE Communications Magazine; 2013. pp. 136–141.

Navaroj GI, Julie EG. Research anthology on blockchain technology in business, healthcare, education, and government. IGI Global; 2021. Smart parking in smart cities using secure IoT; pp. 1484–1507.

Noether S. Ring signature confidential transactions for Monero. IACR Cryptology ePrint Archive; 2015. p. 1098.

Paillier P. Public-key cryptosystems based on composite degree residuosity classes. International conference on the theory and applications of cryptographic techniques; Cham. 1999. pp. 223–238.

Plateaux A, Lacharme P, Coquet V, Vernois S, Murty K, Rosenberger C. An e-payment architecture ensuring a high level of privacy protection. International conference on security and privacy in communication systems; 2013. pp. 305–322.

Pointcheval D, Sanders O. Short randomizable signatures. Cryptographers track at the RSA conference; 2016. pp. 111–126.

Purtova N. The law of everything. Broad concept of personal data and future of EU data protection law. Law, Innovation and Technology. 2018:40–81.

Ricci S, Dzurenda P, Hajny J, Malina L. Privacy-enhancing group signcryption scheme. IEEE Access; 2021. pp. 136529–136551. DOI

Sein K. “Goods With Digital Elements” and the Interplay With Directive 2019/771 on the Sale of Goods 2020

Shigeo M. Mcl library. 2018. https://github.com/herumi/mcl https://github.com/herumi/mcl

Tang Q. Another look at privacy-preserving automated contact tracing. ACM Transactions on Spatial Algorithms and Systems; 2022. pp. 1–27.

UNECE UN Regulation No 155 –Uniform provisions concerning the approval of vehicles with regards to cybersecurity and cybersecurity management system 2020.

UNECE Proposals for interpretation documents for UN regulation No. 155 (Cyber security and cyber security management system) 2021.

Upstream Global automative cybersecurity report, research into cyber attack trends in light of cybersecurity standards and regulations. 2021. p. 47.

Upstream Global automative cybersecurity report - automotive cyber threat landscape in light of new regulations. 2022. p. 51.

Weber M, Podnar Žarko I. A regulatory view on smart city services. Sensors; 2019. p. 415. PubMed DOI PMC

Zhu L, Li M, Zhang Z, Qin Z. ASAP: an anonymous smart-parking and payment scheme in vehicular networks. IEEE Transactions on Dependable and Secure Computing. 2018;17(4):703–715.