Achieving Privacy Preservation and Billing via Delayed Information Release

Many applications such as smart metering and location based services pose strong privacy requirements but achieving privacy protection at the client side is a non-trial problem as payment for the services must be computed by the server at the end of each billing period. In this paper, we propose a privacy preservation and billing scheme termed PPDIR based on delayed information release. PPDIR relies on a novel group signature mechanism and the asymmetric Rabin cryptosystem to protect the privacy of the clients and their requests, to achieve accountability and non-repudiation, and to shift the computational complexity to the server side. It adopts a secret token for anonymity and the token is updated for each client at the beginning of each billing period and securely released only to the server at the end of the billing period. Such a strategy can prevent the server from linking a client's requests made at different billing periods. It also prevents any adversary from linking any request to any client. Note that the server is able to figure out all requests made by a client within a billing period after receiving the delayed token, which is unavoidable for billing purpose. We prove the security properties of the group signature scheme, and analyze the security strength of PPDIR. Our study indicates that PPDIR can achieve privacy-preservation, confidentiality, non-repudiation, accountability, and other security objectives. We also evaluate the performance of our scheme in terms of communication and computational overheads.