The amount of information generated grows as more and more sensors and IoT devices are deployed in smart cities. It is of utmost importance to consider private data leakage and identity compromise, both from outside adversaries and from inside abuse of data access privileges. The security of the system should not rest solely on the assumption that permissions and access control are implemented correctly. On the contrary, a system can be designed so that users' identity data and usage traces are not leaked even if the system has been compromised. Building on our previous on-street parking system, which uses Bluetooth Low Energy (BLE) beacons, we applied a cryptographic primitive called zero-knowledge proof to our authentication system. A commitment scheme and a Merkle tree are combined in the setup to achieve a zero-knowledge set membership proof. As a result, the user is anonymous to the server between authentication sessions, while the server is still able to verify the legitimacy of that user. The on-street parking system is therefore immune to privacy data leakage, since one can no longer mass-query and profile a given user's traces within the system.
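The setup described above can be pictured with the following added example, which is not code from the paper: each enrolled user is a leaf commitment in a Merkle tree, and `relation_holds` is the statement a zero-knowledge prover would establish without revealing the identity, blinding value or path. The SHA-256 hash commitment, the padding rule and all function names are assumptions, and the zero-knowledge proof system itself is omitted, so the relation is checked here in the clear.

```python
import hashlib
import secrets

def H(*parts):
    """SHA-256 over length-prefixed parts, so inputs cannot be spliced together."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

EMPTY = H(b"empty")  # padding leaf (assumed convention, not from the paper)

def commit(user_id, r):
    """Hash commitment: hides user_id behind the secret random blinding value r."""
    return H(b"commit", user_id, r)

def build_tree(leaves):
    """Return every level of the Merkle tree, leaves first and [root] last."""
    level = list(leaves)
    while len(level) & (len(level) - 1) or len(level) < 2:
        level.append(EMPTY)  # pad to a power of two, minimum two leaves
    levels = [level]
    while len(level) > 1:
        level = [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Siblings from leaf to root, each tagged 1 if our node is the right child."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))
        index >>= 1
    return path

def relation_holds(root, user_id, r, path):
    """True if commit(user_id, r) hashes up the path to the public root."""
    node = commit(user_id, r)
    for sibling, is_right in path:
        node = H(b"node", sibling, node) if is_right else H(b"node", node, sibling)
    return secrets.compare_digest(node, root)

def demo():
    # Constructed sample: three enrolled users, each with a fresh blinding value.
    users = [(b"user-%d" % i, secrets.token_bytes(32)) for i in range(3)]
    levels = build_tree([commit(u, r) for u, r in users])
    root, path = levels[-1][0], auth_path(levels, 2)
    uid, r = users[2]
    # Enrolled user satisfies the relation; an unenrolled identity does not.
    return relation_holds(root, uid, r, path), relation_holds(root, b"user-9", r, path)
```

Sending the commitment and path to the server as-is would reveal which leaf is authenticating and link sessions; only the root is meant to be public.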