JOURNAL OF LATEX CLASS FILES, VOL. 14, NO.

8, AUGUST 2021 1

CAPPAD: A Context-aware Scheme for

Privacy-Preservation Solution for Autonomous ::::::::::::::::::

Vehicle Ecology Vehicles using SDN, a Customized

::::::::::::::::::

Differential Privacy and Data Aggregation

Mehdi Gheisari, IEEE Member,, Wazir Zada Khan, IEEE Senior Member, Hamid Esmaeili Najafabadi, IEEE
Member, Gavin McArdle, Hamidreza Rabiei-Dastjerdi, IEEE Member,: Yang Liu, Senior IEEE Member,::
Christian
Fernández-Campusano, Senior IEEE Member,Hemn Barzan Abdalla, Senior IEEE Member

Abstract—Autonomous Vehicles (AVs) and driverless cars elderly and citizens, like ::::::
citizens,:eliminating accidents caused by
which arew are:::
equipped with communication capabilities, ad- human error:, and handling parking problems [1]. For instance,
vanced sensing, and Intelligent Control Systems (ICS),: aim to Automated Valet Parking (AVP) assists users in finding vacant
modernize the transportation system. This It::increases user parking spaces while leaving their AVs at a drop-off area,
satisfaction through :: by::enhancing personal safety, reducing like the hotel foyer or the departure zone of the airport [2].
infrastructure costs, decreasing environmental interruption, and Furthermore, they can perform intelligent operations such as
saving time for passengers. On the other hand, specially, in lane departure warning, collision avoidance, and traffic sign
emergency cases when AVs require maintenance, their generated detectionthat ultimately alleviated ,:::::::::
ultimately :::::::::
alleviating :the
sensitive information (e.g., AV location, low brake fluid amount human drivers’ burden [3]:: [4].
of an AV) should be shared with Road Side Units (RSUs) and From an architectural point of view, AVs have functional
other vehicles to address their problems and provide quality architectures based on two components: hardware and software.
services. Despite its appealing benefits, sensitive data sharing The hardware part contains sensors, actuators, Vehicle-to-Vehicle
carries security and privacy issues that trigger serious risks like (V2V), and Vehicle-to-Infrastructure (V2I) technologies which
unintentional physical accidents. If the privacy of the AV breaches empowers :::::::
empower: the vehicle to see, move, connect, and
is breached and its sensitive data discloses unintentionally :is
:::::::::: communicate with other vehicles. The software part acts as
unintentionally disclosed during data transmission, adversaries
:::::::::::::::::::: the brain of the vehicleand contains needed ::::::: vehicle’s :::::
brain :::
and
can misuse them and make :::: cause: artificial accidents. Currentcontains the required processes for perception, planning, and
::::::::::::::::::
studies in this area lack efficiency and cost-effectiveness. To controlling so that the AV can move, stop, slow down:, or even
fill this gap and reduce the number of potential accidents, perform other tasks by processing the information gathered from
article::::::::
this paper proposes a ::::: proposes :: a ::::
new :Context-Aware the environment through its hardware [5].
Privacy-Preserving method for Autonomous Driving (CAPPAD). In order to obtain better performance in emergency
In particular, the Software-Defined Networking (SDN) paradigm situations::::::::::
emergencies, AVs must share their information with
is employed to bring flexibility for to
::
AVs’ privacy management other vehicles (i.e., Vehicle-to-Vehicle (V2V) connection) and
while its SDN controller runs a novel algorithm for privacy Roadside Units (RSUs) (i.e., Vehicle-to-Infrastructure (V2I) con-
preservation. Depending on whether the data generated is sensi- nection), particularly at the repair and diagnosis time when
tive or not and whether there is an emergencysituation, the AV the AV needs maintenance [6]. AVs should share information
applies Differential Privacy (DP) or Data Aggregation (DA) as with RSUs and other vehicles, especially in emergency cases
its privacy-preserving method. Finally, extensive simulations are emergencies like traffic jam avoidance or garage time. Having
::::::::::
performed through MININET-WIFI to show the performance the data produced by a single AV is not as useful ::::::: valuable:as
of CAPPAD not only in terms of privacy-preserving degreebut collecting and analyzing Big Data from several AVs. Besides, some
also ,: computational cost overhead, computational complexity of the generated data might be sensitive. Sensitive information
overhead, and latency. We also compare it with other relevant includes engine malfunctioning, low air pressure in tires, flat tires,
well-known studies to show its superior effectiveness. Police/security AV location, low brake fluid, etc. They are sensitive
Index Terms—utonomous Vehicle, Privacy-preservation, La- since adversaries can misuse them and cause problems for the
tency, Data Aggregation; Differential Privacyutonomous Vehicle, system by abusing its vulnerabilities if disclosed unintentionally.
Privacy-preservation, Latency, Data Aggregation; Differential For instance, the adversaries may damage the corresponding AV
PrivacyA and system by making fake accidents, revealing :::::::::highlighting:the
need for privacy preservation [7], [8]::::::
[7], [8].
Advances in autonomous driving technologies have brought
I. I NTRODUCTION new and challenging security and privacy threats to both AVs
HE Internet of Things (IoT), which combines embedded and their users. Due to privacy breaches, sensitive data can
T intelligence and internet connectivity, has triggered the be leaked, and adversaries can exploit them by informing a
proliferation of autonomous driving technologies, including Au- third party/parties, leading to deadly and fake accidents. This
tonomous Vehicles (AVs). AVs have the potential to control, nav- is an important :a:::::::::
significant: challenge because of the AV:’s
igate, and drive automatically without any human intervention vulnerability to a broad range of cyber-attacks through the
by leveraging advanced sensing technologies and software. exposure of remote-control interface, which ultimately:::::::: interfaces,
On the one hand, AVs support people and citizens in their daily which
:::::
may result in safety issues for the AV, passengers, and
lives by providing safe and reliable transportation services to pedestrians. To show its importance, a recent study pointed
out that AVs can study highlighted that AVs could also be
::::::::::::::::::::::::::::
exploited
0000–0000/00$00.00 for terrorist attacks [9]. This study signifies the necessity
© 2021 IEEE
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021
of addressing the cyber security :::::::::::cybersecurity :issues in the
Autonomous Vehicles ecology of a smart city. Therefore, it is
imperative to ensure that the privacy of the AVs and passengers
is preserved. Although consumers of AVs embrace autonomous
driving applications and technologies, the success of AVs may be
impeded if sufficient security and privacy guarantees can not be
provided.
AVs leverage several enabling technologies for sharing data
effectively, such as Edge Computing (EC), Vehicular Cloud
Computing (VCC), Software Defined Networking (SDN),: and
Named Data Networking (NDN). Although these technologies
empower the AVs, we have found that existing privacy-preserving
solutions do not provide efficient privacy-preserving degrees that
stem from the fact that they do not consider context-awareness
of the environment,: or they are expensive and not cost-effective
[10], [11], [12], [13]::::::::::::::::
[10], [11], [12], [14].
To achieve higher degrees of privacy preservation while
being cost-effective, we have been inspired by the benefits of
SDN technology, such as flexible network management. Thus,
in this paperarticle,
::::
we propose an SDN-based Context-Aware
Privacy-Preserving Autonomous Driving scheme (CAPPAD) for
AVs, which provides privacy for AVs more effectively than in : implementing it in the software domain instead [20][20],
current studies. In the proposed scheme , the AVs are connected
The proposed scheme connects the AVs to the SDN controller
:::::::::::::::::::::::::::::::::
through different RSUs and share shares ::::::
their information.
It is notable to mention that ::::::: Notably, :the SDN controller is
connected to the Cloud Computing environment, which analyzes
the data for future needs[15], [16], [17]. Based on the sensitivity
:::::::::::
of the
:::
AVs’ shared information and whether the AV is in
an emergencysituation, the SDN controller decides how AVs
should behave with their data, whether they should apply a
customized data aggregation algorithm or apply a customized
Differential Privacy (DP) algorithm. Simulation results show
that our proposed scheme, “CAPPAD”, can be applied widely
in autonomous driving ecology. Specifically, it performs better
in terms of privacy-preserving degree and latency but less in
computational cost overhead and complexity than in current
studies.
It is notable to mention that ::::::: Notably, :our solution is not
simply a direct combination of two main mature techniques,
SDN and Differential Privacy. Although our solution gets support
from these two well-known techniques, it has several unique
characteristics. Specifically, the major contributions of this paper
article
::::::
are the following:
• We have designed a cost-effective, customized framework
:
for an SDN-based context-aware vehicular system for Au-
tonomous Vehicles (AVs)which preserves the privacy of AVs
effectively :, ::::::::
effectively:::::::::
preserving::::
AVs’:::::::
privacy.
• Then, a Context-Aware Privacy-Preserving scheme for Au-
tonomous Driving called (CAPPAD) is proposed for AVs
on top of the proposed framework so that we would be
able to can
:::
effectively address the privacy-preservation issue
in AV environments. From :: an:abstract point of view, the
AVs’ apply whether the proposed customized Differential
Privacy (DP) algorithm or the customized Data Aggregation
(DA) technique based on the context of the ecology and the
situation of the AV ::::::ecology ::::::
context::::and:::
the:::
AV::::::::
situation.
Several aspects make “CAPPAD” unique when compared
to other relevant studies, including (1) Context-awareness,
(2) Customized DP techniques,::and (3) Customized DA
techniques with the aim of providing :: to ::::::
provide:an efficient
privacy-preserving solution for AVs.
• Extensive simulations are performed using MININET-WIFI
[18], demonstrating that our ::: the ::::::::
proposed :scheme has
achieved a better privacy-preserving degree and latency.
The remainder of the paper article ::::::
is organized as follows:
Section II presents the related work, including the recent litera-
ture related to::on:our work. Section III discusses the “CAPPAD”,
which first forms our problem with an example scenario. Then,
2
it focuses on the AVs environment equipped with the SDN
paradigm. Then the proposed privacy-preserving method that
lies on top of it is described. Section IV presents the performance
evaluation of our proposed scheme. Section V discusses the
achievements and limitations of “CAPPAD” followed by Section
VI, concluding the paper :::::
article:and presenting several possible
future directions for the research.
II. BACKGROUND
In the proposed solution, we not only leverage the SDN
paradigm but also propose a novel customized Differential
Privacy (DP) to fill the gap in current studies as described in
the following:
a) Software Defined Networking: Among the enabling
technologies, the SDN is one of the most attractive technologies
adopted in AVs for resource management and performance
enhancement due to its open programmability, flexibility, and
central intelligence features [19]. All these features stem from
the separation of the separating the control plane and data
::::::::::::
plane, removing the control plane from network hardware:, and
[21].
:::::::
The data plane is responsible for carrying data traffic. The SDN-
based approaches enable interoperability between heterogeneous
data generated by electronic control modules of AVs. Enabling
interaction between these data sources can bring innovation
and new intelligent features that significantly improve security
and riders’ experience. The interoperability feature can enable
autonomous cars to mitigate a high-risk situation using SDN-
based solutions.
b) Differential Privacy: Differential Privacy (DP) technol-
ogywhich has been ,: recently proposed, plays a critical role
in the prevalent privacy model with distributed architecture.
It can provide strong privacy guarantees for IoT end points
endpoints while collecting and analyzing data [22]. Thanks
:::::::::
to strict mathematical proofs, the DP is independent of the
background knowledge of any adversaries while providing each
user with strong privacy guarantees, and thus being widely
adopted and used in many areas [23], [24].
Adding controlled noise from predetermined distributions is a
way of designing DP mechanisms. This technique helps design
private mechanisms for real-valued functions on sensitive data.
Some commonly used distributions for adding noise include
Laplace and Gaussian distributions [22]. On the other hand, the
exponential mechanism helps to extend the notion of differential
privacy to address such issues as discrete sensitive data.
III. R ELATED W ORK
In this section, recent attempts that aim to preserve the privacy
of AVs are discussed. In particular, the discussion focuses on their
advantages and disadvantages and identifies key gapsthe key gaps
:::::::::
in existing work.
:::::::::::::
The authors in [25] proposed a composite framework that
provides end-to-end security assistance through its two built-
in modules: (1) an authentication module and (2) an Intrusion
Detection intrusion detection module. The first module uses an El-
:::::::::::::::
liptic Curve Cryptographic (ECC)-based authentication protocol
with the aim of mutual authentication of Cluster Heads (CH) and
Certificate Authority (CA) in SDN-based VANETs environments.
Here, the ECC is used before data transmission. It maintains
a reduced communication overhead while providing optimal
security features. On the other hand, a tensor-based dimension
reduction technique supports the intrusion detection module. It
aims to reduce computational complexity and identify potential
intrusions in the ecology. The authors evaluated their framework
using extensive simulation results. Although they showed the
superiority of their framework based on False Positive Rate
(FPR), Accuracy, Detection Time, and Communication Overhead,
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021 3

they did not focus on their solution’s privacy aspects, especially address fully the privacy-preservation issuefully address privacy
::::::::::::::::
when AVs are in an emergency and dangerous situation. preservation.
::::::::::
The approach performs many extra and time-
Likewise, the authors in [26] designed a privacy-preserving consuming actions to increase the interoperability. As a result,
collaborative intrusion detection model in VANETs. They lever- interoperability has been achieved perfectly since IoT devices
aged distributed machine learning techniques. Although their are resource constraints :::::::::
constrained: and cannot suffer much
solution has several advantages, such as privacy preservation in a overhead.
cooperative mode, the solution :it:is not context-aware. Moreover, In [31], :::
the :authors presented a multi-function procedure
they did not calculate how much ::: the ::::::
authors::: did:::
not::::::
assess :::
how in smart grid communication that is an application of IoT in
robust
:::::
their solution is robust against unintentional sensitive data the smart city. It is based on ::: the :Boneh-Goh-Nissim (BGN)
disclosure. encryption homomorphic method, which provisions Average,
A Privacy-Preserving Time-Sharing Service is proposed in [27], Variance average variance functions over the encrypted data
::::::::::::::
where the authors have applied encrypted travel time information [32]. Although they tried to increase the ::: the ::::::
authors::::::::
increased
and traffic information related to the Points of Interest (POIs) for the
:::
privacy-preserving degree than related work, it is short of
task matching of AVs requester and owner and assess the service solving the compared to other work, the work does not solve the
:::::::::::::::::::::::::::::::::::::::::
cost of each requester for effective selection by the owner. The heterogeneity issue.
experimental results show the accurate privacy preservation of Furthermore, :: the::authors in [33] proposed a privacy-
AVs userAV users’ s location and time. However, the experiments
:::::::
preserving solution at the edge of the network::::::::
network’s::::edge
are performed based on the static traffic information, which in the IoT-based smart city environment. They first proposed
restricts the applicability of the proposed scheme in dynamic an ontology at the network edge to effectively address the
traffic environments and lacks context-awarenessproper context
:::::::::::
heterogeneity issue and preserve the privacy of IoT devices in
awareness.
::::::::
the smart city. In detail, it works based on the stored data in
Another scheme proposed in [5] organizes ride-sharing issues the proposed ontology. Each device has three characteristics: (1)
for AVs while preserving the privacy of trip data. They first a data value,: (2) a privacy-preserving rule:, :and (3) a privacy-
encrypted trip data, then leveraged similarity measurement preserving life time lifetime
:::::::
which demonstrates the life time
techniques over themto this aim. They have divided the ride- lifetime
::::::::::
of a privacy-preserving rule. If a device’s privacy-
sharing regions into several cells, where each cell is represented preserving lifetime of the IoT device becomes zero, the ontology
as a binary vector. These binary vectors are encrypted and sent server commands the device to change its applying privacy rule
to the server. Based The server will find users who can share
:::::::::::::::::::::::::::::::::
by randomly selecting one of 3 possible methods. The amount of
rides based
::::::::::
on the similarity report on top of the encrypted overhead of the proposed solution is calculated; however, this is
data, the server will find users who can share rides. One of not enough to determine if the solution is performing well from
the significant advantages of this scheme is that it preserves the a privacy-preserving point of viewor not.
privacy of trip data to an acceptable degree. However, it has Moreover, in [34], they :::
the ::::::
authors: went a step forward by
some drawbacks; for example, the authors have not evaluated leveraging the proposed ontology in [33][35]. :::
Each IoT device
their proposed method based on various evaluation metrics like has four possible privacy-preserving methods and has one owner
the computational cost. Furthermore, this scheme is not context- information to misguide the information owner to misguide
:::::::::::::::::::::::::
aware and is not applicable for :: to:dynamic environments. potential adversaries in the IoT-based smart city based on the
Authors The authors
:::::::::
in [28] proposed a context-aware
:::::::::::
privacy- context of the environment. Although they the work calculated
::::::::
preserving solution that is context-aware using the SDN paradigm the proposed solution’s overhead amount, they :: the:::::::
authors:did
for IoT-based smart cites::::
cities. They considered a scenario where not evaluate their solution based on the privacy-preserving
several IoT devices in a smart city environment are connected to a degree.
Cloud Computing environment through a trusted SDN controller. On the other hand, the :::
authors in [36] used a lattice
They assumed that some IoT devices produce sensitive data cryptographic method to design a dual function dual-function
::::::::::
while their solution prevents unintentional disclosure of such aggregation privacy-preserving method that can support mean
sensitive data. They evaluated their solution from several points and variance functions simultaneously. However, they did not pay
of view, such as the amount of overhead and penetration rate. attention to ignored
::::::
the heterogeneity challenge in the Cloud of
Although their solution is effective, they only address ::: the ::::
work Things (CoT)-based smart city environment.
only addresses
::::::::::::
the privacy-preservation issue. To protect the privacy of AVs in emergency situations
Another related work has been done :: is presented
::::::::
in [29], where emergencies at traffic junctions, an agent-based privacy-
:::::::::::
they :::
the ::::::
authors: propose a security and privacy preservation preserving framework is proposed in [37]. Based on the private
scheme for facial identification in the :: an:IoT-based smart city information provided by two AVs on a junction, the AV which
environment using Fog :: fog::computing. At first, the authors provided a high priority high-priority
:::::::::::
reason will cross the
offer an outline for the fog computing-based face identification junction first. The authors have performed simulations, and
framework. Then, they propose data encryption, a session key the experimental results have shown that their framework has
agreement, and a data integrity checking scheme to address achieved good results in preserving the privacy of AVs. However,
Confidentiality, Integrity, and Availability (CIA) issue in the the proposed framework needs to be evaluated under the presence
process of face identification issues in the face identification
:::::::::::::::::::::::::
of third-party communication service providers as the AVs data
process
:::::::
in the IoT-based smart city environment. Finally, they pass through the infrastructure of these third-party service
have implemented a prototype system to evaluate their solution’s providers, who can also violate the privacy of AVs. Another
security and effectiveness. Their results show that their solution disadvantage is that the proposed method is not context-aware.
increases computation and communication overhead on the sys- Therefore, it cannot make decisions based on the context of the
tem; however, it ensures system security. Although their solution ecology ::::::
ecology:::::::
context, which is one of the vital requirements
is secure, the authors did not evaluate it based on the privacy- a vital requirement for dynamic environments in which AVs
:::::::::::::::::
preservation degree. operate.
Moreover, another related work has been introduced in [30] A new privacy-preserving architecture for IoT devices in the
that preserves the privacy of multi-dimensional data aggregation smart city is proposed by leveraging an ontology data model
method, “EPPA”. “EPPA” combines both pillar encryption and at the edge of the networkin [35]. The proposed architecture
increasing sequence techniques to address this prominent chal- for privacy-preserving is called ECA. They network’s edge in
::::::::::::::
lenge. However, the proposed method suffers from multiple time- [34]. The authors leveraged the ontology intending to convert
:::::::::::::::
consuming exponential computational problems , and does not the system to a highly dynamic one from the privacy-preserving
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021 4

behavior point of view. The ECA ontology consists of the privacy

knowledge of IoT devices. With the help of ECA, each device
has its own privacy rule, and the network system is converted
to a dynamic mode. It would be more difficult for adversaries
to attack the system and find the original data. In other words, Honest But
Curious
the ontology server located at the edge of the networknetwork’s
::::::: CAPPAD Procedure
edge assigns a new privacy-preserving rule to every IoT device
:::: Cloud
dynamically. As a result, they obtain a higher amount of privacy- RSU SDN
Controller
preserving degrees. They provide dynamic behaviour behavior
::::::
by leveraging the ontology server. However, their :::
the solution is
expensive.

IV. C ONTEXT-AWARE P RIVACY-P RESERVING SCHEME

S:::::::
CHEME:FOR AUTONOMOUS D RIVING (CAPPAD)
RSU
In this Section::::::
section,:we describe our solution in detail, which
is ::a Context-Aware Privacy-Preserving scheme for Autonomous
Driving (CAPPAD) based on SDN technology. Our proposed
scheme aims to prevent the unintentional disclosure of sensitive
data of AVs against :: to unwanted parties. Firstly, we describe Figure 1. Autonomous driving environment that is facilitated with a single
the scenario of our proposed scheme and its components. Sec- SDN controller
ondly, the algorithm and the procedure of our proposed scheme
(CAPPAD ) CAPPAD
::::::::
are presented in detail. The terms used in
the proposed scheme include “Autonomous Vehicle” (AV), “Data B. CAPPAD Procedure
Aggregation” (DA), “Differential Privacy” (DP), and “RoadSide
In this sub-section, we describe the procedure of our proposed
Unit” (RSU).
CAPPAD scheme. Figure 2 illustrates the flowchart of “CAP-
PAD” step-by-step ::,” which includes input data, data flow, and
A. Ecology, Input data, and Components of CAPPAD output.
In this section, we describe at first the trend :::::
trends:of AVs
and their data flow. Then, the ecology of “CAPPAD” and its
components will be described in detail. Start
As the research and development of AV technology have
progressed, the prospect of privately-owned fully autonomous
vehicles operating on roads is getting closer. It is predicted that EM=Fill();
94.7 million fully automatic AVs will be sold annually by the
year 2035 [38]. The accessibility of sensors and camera modules AV generates a
in this large number of AVs in the near future is making data
the AV industry increasingly data-driven. The main source of
data primary data source for AVs stems from sophisticated
:::::::::::::::::: Yes Sensitivity No SDN sends
systems of network-based structures which gather information Check DA to Could
from inside and outside of the AV [39], [40]::: the :::
AV ::::::::
[39], [40].
With the combination of state-of-the-art techniques and advanced Emergency No SDN sends
computing systems, we can recognize that the generated data can Check DA to AV End
be transformed into decisions making in AVs. As AV technologies Yes
gradually evolve, the generated data, including sensitive and non- SDN sends DP to AV aggregates its
sensitive data inside AVs, also grows. Having found the large AV data for last 3 sec
significant
::::::::
role of AVs and their generated data in the near future,
AV sends perturbed
we now focus on the ecology of “CAPPAD” and its components. AV applies DP
data to RSU
Then, after that, we will illustrate, evaluate and compare our
solution with the state-of-the-art to demonstrate its effectiveness. RSU sends perturbed
To describe the “CAPPAD” ecology, we have leveraged the data data to SDN
set that has been used in the related work [41]. The scenario is
illustrated in Figure 1. It includes input datawhich are : : six AVs, SDN sends perturbed
two :2:RSUs, and one 1: SDN controller. The AVs are connected to data to Cloud
a single SDN controller through RSUs. Three AVs are connected
to one RSU, and the other three AVs are connected to the other
End
RSU. The AVs are moving in two parallel directions. Each AV
has a speed of 5 Km/h. The RSUs, Data Plane , are :’ :::: Data
Plane is simple hardware that does not have the capabilities to Figure 2. Proposed The steps involved in the proposed methodstep by step.
:::::::::::::::::::::::
:::::::
be programmed. The SDN controller has a two-way relationship
with the CC environment in order to exchange data. AVs send Moreover, we have illustrated the “CAPPAD” procedure from
their sensed and analyzed data to the CC space for further an algorithmic point of view,: which is illustrated in Algo-
:::
analysis and improvement of their performances. It is notable rithm 1 step by step. Here, the symbol “I” refers to the ID
to mention that Autonomous Vehicles provide two types of data: of the device::::::
device’s:::
ID, while “S(i)” :”:refers to the procedure
sensitive and non-sensitive. Sensitive data include information of result which has with::::
the value “Yes/No”. It shows whether
the location of a Police AV , and brake fluid levels, whereas the AV is producing sensitive data or not. ::: We ::::
have:::::::
selected
insensitive data is weather prediction data. For example, if an Differential Privacy and Data Aggregation since,
::::::::::::::::::::::::::::::::::::::::::::::::::
based on the
adversary can find the vulnerability of an AV by finding ::: that:the literature review, they have shown their superior performance
::::::::::::::::::::::::::::::::::::::::::::::::::
AV brake oil is low, it can impose fake accidents. [42], [43], [44].
::::::::::::
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021 5

Algorithm 1 4) Then, the RSU sends the received data to the SDN
1: procedure CAPPAD controller.
Input: “0.5”, “Laplace”, “DA” 5) Finally, the SDN controller sends the data to the Cloud
Computing :::::
cloud ::::::::
computing: environment.
Output: Safe environment
2: for i = 2 to n do If it is not in an emergencysituation, the following steps should
be followed:
3: The AV generates data
4: if The data is not sensitive then 1) The SDN controller sends the “DA” text to the AV.
2) The AV aggregates its data for the last three seconds. Fur-
5: The AV sends its data to the Cloud directly ther investigation is needed to find out the best time value
6: if The produced data of the AV is sensitive then for data aggregation determine the best data aggregation
:::::::::::::::::::::::::::::
7: if The AV is not located in an emergency then time value.
::::::::
8: The controller sends “DA” to the AV 3) The AV sends its perturbed data to the RSU.
4) The RSU forward forwards
::::::::
the received data to the SDN
9: The AV applies the Data Aggregation controller.
method for the last three seconds 5) The SDN controller sends the aggregated data to the
10: The AV sends its perturbed data to the RSU Cloud Computing cloud computing environment.
::::::::::::::
11: The RSU sends the data to the cloud com-
puting space
12: if The AV is located in an emergency then V. P ERFORMANCE EVALUATION
13: The controller sends “0.5”, “Laplace”, and
“DP” to the AV In this Section::::::
section, “CAPPAD” is evaluated using a variety
of evaluation metrics in order to demonstrate its effectiveness.
14: The AV perturbs data using Differential
Our experimental proof-of-concept scenario is shown in Figure 1.
Privacy based on the received parameters The proposed approach is evaluated using the “MININENT-
15: The AV sends its perturbed data to the RSU WIFI” [47]. “MININENT-WIFI” is forked to include OpenFlow-
16: The RSU sends the data to the Cloud enabled wired switches and wireless APs with the same features
as “MININET”, like fast prototyping and supporting several net-
work architectures, and to perform an experimental evaluation of
wireless networks [48]. This emulation tool supports well-known
The algorithm starts by assigning “DA” to each RSU using traffic generators and propagation models for wireless media. It
the Fill() function. We assume that a database has already been also allows the end-user to add any customized framework on top
created and filed filled
::::
by experts. Experts already discriminate to programmable, multi-access physical network substrates.:
of ::
sensitive data from non-sensitive data and store them in the Five evaluation metrics are possible for evaluating a privacy-
database. Our database has two columns; (1) data and (2) is it preserving method in which are which is [49], [50]:
:::::::
sensitive or notwhether it is sensitive. For example, the amount of
:::::::::::::::: 1) Consistency and Completeness: It refers to the calculation
brake oil is sensitive since if it is disclosed unintentionally, and
:::
the
of the calculating
::::::::::::
the amount of non-important data in
AV may end up with fake accidents. In our scenario, we have used
comparison with compared
::::::::::
to the data set.
the “Sum” function as the data aggregation method for the AVs,
2) Penetration Rate: It refers to the calculation of the amount
calculating the sum of their values when they need to aggregate
calculating :::
of ::::::::: the :::::::
number ::
of:successful attacks, i.e., how
their data. We have assumed that the function Fill() assigns “0.5”
many attackers successfully have found the sensitive data.
as the privacy budget to the AVs and “Laplace” as the Differential
3) Scalability: It refers to the calculation of the :::::::::
calculating
Privacy mechanism since the privacy budget “0.5” and “Laplace”
the
:::
amount of performance when AVs ::: AV :numbers have
distribution has shown its effective performance based on the
been increased.
literature review [45][45], [46].
::::::: 4) Overhead: It refers to the calculation of the :::::::::
calculating :::
the
On the other hand, when the AV generates data and ::: that amount of computational complexity.
is not sensitive, the AV sends its data directly to the cloud 5) Accuracy: It refers to the calculation of the :::::::::
calculating :::
the
computing environment for further analysis and possible sharing. amount of information loss.
ButHowever,
:::::::
if the generated data by :::: data ::::::::
generated:::by:::
the
AV is sensitive, then the SDN controller checks if it is located From the five metrics mentioned above, the penetration rate
in an emergency situation or not. We have assumed that :: the and the overhead are the most crucial evaluation metrics for
AV is considered in an emergency if any neighboring vehicle:’s evaluating privacy-preserving schemes. Thus, this paper article
::::
::::::::::::::::::::::::::::
distance is less than one meter, the AV is considered to be in an evaluates the performance of our proposed scheme mainly via
emergency situation. If the generated data is sensitive, there are these two metrics. We presented ::::::
present:the results using three
two possibilities. First, if the situation is emergent an emergency basic networking parameters, the proposed framework’s three
:::::::::::::::::::::::::
::::::::::
and the AV is located in a dangerous situationin danger, it networking parameters:
:::::::::::::::::::
end-to-end delay, packet loss percentage,
::::::::
applies the “Differential Privacy” method with the privacy budget and latencyfor the proposed framework.
of “0.5” and “Laplace” distribution. The AV, in turn, sends
its perturbed data to the cloud computing Space. Butspace. ::::
However,
:::::::
if the situation is not an emergency and the AV is A. Overhead
producing produces
:::::::
sensitive data, it uses the data aggregation
method for the last 3 seconds. The following algorithmic steps To find the effectiveness of our solution, we must first consider
can be followed for the two scenarios: it based on the critical evaluation metrics. In other words,
preliminary evaluations are needed to determine if the AVs
If there is an emergency:
can afford the amount of overhead of “CAPPAD””. :
Two sub-
1) The SDN controller sends “DP” to the AV. evaluation parameters are (1) Computational complexity and (2)
2) The AV applies “Differential Privacy” based on the above Computational costare used. This :. :::::
Based :::
on ::::
these::::
two ::::::
metrics,
mentioned above-mentioned
::::::::::::::
parameters. this
:::
section evaluates our solution as a crucial stepbased on these
3) The AV sends perturbed data to the corresponding RSU. two metrics.
 JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021
1) Computational Complexity: In this part, our proposed
solution’s fundamental limitation and capability are calculated
by quantifying the problem difficulty in an absolute sense,
inherent difficulty, and then comparing it with other solutions.
The computational complexity in the worst situation is denoted by
Big O, with the parameter of n being the number of AVs. O(N )
describes an algorithm whose performance will grow linearly
and directly proportional to the number of AVs. A process that
is O(n × n) scales worse than one that is O(n × logn) , but better
than one in O(n × n × n) or O(n!). After analysis, we have found
that the complexity amount of “CAPPAD” is O(4 × n),:which
in the complexity complex
:::::::
environment is considered as linear,
O(n). This extra overhead stems from the fact that AVs need
AVs needing to apply a privacy-preserving rule before starting. It
::::::::::
denotes an estimate of how the “CAPPAD” performs in terms of
the needed time and how its performance degrades as the number
of AVs increases. In other words, the performance of “CAPPAD”
grows linearly with the co-efficiency of 4. At most, four main
extra operations are needed for each AV to send its data to the
Cloud. However, in traditional systems, AVs send their sensed and
analyzed data to the CC space directly by applying one static
privacy-preserving solution [51], [52], which has the order of
O(2 × n). For a better understanding of it through schematical
a schematic depiction, Figure 3 compares the amount of the
::::::::::
needed operations in worst cases for “CAPPAD” and common
AV ecology where AVs are connected to the Cloud Computing
space.
5,000
common AV ecology
CAPPPAD
4,000
Number of Needed Operations
3,000
2,000
1,000
0 200 400 600 800 1,000
Number of Devices
Figure 3. CAPPAD vs AVs ecology
2) Computational Cost: Calculating the extra cost that
CAPPAD imposes on the environment is practically required
to find how many AVs can afford it and how much it affects
AVs’ lifetimes. The simulation results show that “CAPPAD”
requires more computational costs than traditional systems. In
“CAPPAD”, each AV sends its data to the cloud computing
space through the SDN controller while preserving AVs’ pri-
vacy. Figure 4 illustrates the computational cost overhead of
“CAPPAD” within 10 seconds. Moreover, we also compare it
with the “OBPP” solution that has been proposed in [53]. In
the “OBPP” solution, authors designed and developed a novel
ontology that is located in the cloud computing space. Then, they
mounted a privacy-preservation algorithm on top of the leveraged
proposed ontology which is located in the ontology server in
the cloud Cloud’s ontology server to preserve the privacy of
::::::::::::::::::::
IoT devices in the smart city. Beyond this, we compare our
solution with another well-known solution which , at first, one
::
6
that initially equipped the smart city with the SDN paradigm [54]
::::::::::
[28].
:::
Then, a mounting context-aware solution has been proposed
in which the SDN controller orders IoT devices to divide their
data into two parts. Specifically, based on the context, if the
data demonstrates a highly-sensitive demonstrate highly sensitive
:::::::::::::::::::::
data, the SDN controller orders the AV to divide its data into two
parts,:70% and 30%. On the other hand, when the corresponding
AV senses highly sensitively sensitive
:::::::
data, the corresponding
AV halves its data and sends it to the SDN controller. In turn,
the SDN controller fuses the received data and sends it to the
cloud computing space. It is depicted as a: “CS” solution in the
Figure:::::
Figure:3.
35 CS
% OBPP
% CAPPAD
30
25
Needed Operations
20
15
10
5
0
0 2 4 6 8 10
Time (Seconds)
Figure 4. Computational cost of CAPPAD over time
B. Penetration Rate
After evaluating our solution from the overhead point of
view, we validate it to find its effectiveness and robustness in
different situations. This section evaluates “CAPPAD” ”::from
the “ Penetration rate” :”:point of view. Penetration rate refers
to the number of successful attacks by adversaries interested in
the sensitive generated data.
We have simulated our scenario 500 times. Every time two
1,200
malicious activities from of ::
two different types were injected
into the system: (1) a simple attack and (2) a linked data attack.
In this light, we have 1000 different attacks with three possible
conditions: (1) non-sensitive data, (2) sensitive data in a non-
emergency situation, and (3) sensitive data in emergencies. For
simplicity, we assume that AVs are static and do not move; future
work may analyze the effect of AVs moving. In addition, we
assume that these two attackers have successfully passed the
security mechanism and are now searching for ways to find the
original data. The first attacker is a simple attack without any
background information about the ecology. Thus, it only sniffs
the flowing data.
However, the second attacker is a linked data one linked to data
::::::::::
with background information about how the systembehaves:: the
system’s behavior. It has the information that AVs use either
::::::::::::::
“Differential Privacy” or “aggregation” for privacy-preserving.
Also, if DP is applied, its privacy budget would be “0.5” while it
has Laplace distribution. Furthermore, it knows AVs are using
use
:::
“sum” as their aggregation method.
Based on the above-mentioned threat models, we have cal-
culated the amount of True Positive (TP), True Negative (TN),
False Positive (FP), and False Negative (FN) to find the CAPPAD
effectiveness in adversary detection.
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021 7

• True Positive: A legitimate adversary which triggers to a key role in the success of the proposed solution. We have
produce an unfavorable alarm. calculated the average latency in order to find the “CAPPAD”
• False Positive: Number of alarm events when no unfavorable performance more accurately. In our scenario, AVs have a 200-
event has taken placeadverse event occurs.
::::::::::::::::
meter distance from each other in an area of 500M*500M.
• False Negative: When no alarm event is raised while Figure 6 shows the amount of latency when running “CAPPAD”.
::::::::::::::::::::
an unfavorable ::::::
adverse: event by adversaries has taken In order to show the performance of our solution, we compare
placeoccurred.
:::::::
In other words, the number of unfavorable “CAPPAD” latency with the solution in [56], in which IoT devices
several adverse events occurred through adversaries, but
:::::::::::::
send their data through middle nodes to the SDN controller and
“CAPPAD” was unable to detect itcould not detect them.
:::::::::::::::::
then to the cloud computing space based on the amount of trust
• True Negative: An event when no privacy breach has taken each node has with its neighbors. If the trust amount is less than
place occurred,
::::::::
and no detection is made. 50%, then the IoT device will send its data through a newly
They are respectively 170, 650, 102, and 78. Based on this determined route by the SDN controller named “Trust solution”.
calculated amount, we calculate Precision and Recall as shown
in Figure 5: Trust solution
CAPPD
15

Time (Seconds)
Precision and Recall 10
1
0.8
0.6
0.4 5
0.2
0
Recall Precision
CAPPAD TRP
0
0 100 200 300 400 500

Run

Figure 6. The latency amount

Figure 5. The amount of Precision and Recall The x-axis is the running number of our scenario, while the
y-axis shows the time delay. For example, after 200 iterations
Precision:is calculated by comput-
1) Precision: The precision ::::::: of our scenario, the average latency of all AVs is 5.6 seconds.
ing the ratio of TP to the sum of TP and FP. As a result, “CAPPAD” has slightly better performance than the
“Trust solution” before 300 runs,:while after 300, “CAPPAD”
TP does not constantly show better performance.
P recision = (1)
TP + FP
2) Recall: The Recall is calculated by computing the ration VI. D ISCUSSION
ratio
::::
of TP to the sum of TP and FN. In this section , ::::
This ::::::
section ::::::::
discusses :the advantages and
TP disadvantages of “CAPPAD” from an abstract point of vieware
Recall = (2) discussed.
TP + FN The “CAPPAD” adds at most 15% extra computational
As it has been depicted, the amount of Recall is 0.685and ,:::
and pressure on the AVs. This amount is tolerable to ::: for :all AVs
the
:::
Precision is 0.625. To show the “CAPPAD” effectiveness, we
::::::::::::::::::::::::::::::::
as they are not as resource-constrainedas before. The amount
compare it with [55] where authors proposed a novel benchmark
::::::::::::::::::::::::::::::::::::::::::::::::::
of overhead fluctuates over time, but it is limited to 15%.
framework focusing on physical and communication-based
::::::::::::::::::::::::::::::::::::::::::::::::::
With this computational cost and other results achieved, a more
attacks through considering Noise attack augmentation, Pattern
::::::::::::::::::::::::::::::::::::::::::::::::::
effective AVs ecology, rather than ::: AV :::::::
ecology,:::::::::
compared :: to
attack augmentation, Box attack augmentation, Box attack
::::::::::::::::::::::::::::::::::::::::::::::::::
relevant studies, has been obtained from the privacy-preserving
augmentation, Generative Adversarial Attack called “TRP”.
::::::::::::::::::::::::::::::::::::::::::::::::
perspective. Thus, more people can trust it and get benefit from
it.
Meanwhile, the “CAPPAD” penetration rate was evaluated,
C. Latency determining how much it can protect sensitive data against
Latency refers to the time interval between the stimulation unwanted adversaries:, such as attackers in different situations.
and getting a response. From a general point of view, it is We calculated Precision and Recall. We have found that these
defined as the time delay calculated as data transmits from one amounts are more than 60% and less than 70%, respectively.
place to another. The optimal case happens when the amount These amounts can be improved by proposing more efficient
of Latency latency
:::::::
is as tiny as possible. In that case, the solutions by leveraging Machine Learning (ML). With the
transmission time between the AVs and the SDN controller should consideration of this amount of robustness, we can conclude
be instantaneous or as minimalas possibleminimal.
::::::
Regretfully, that “CAPPAD” is more robust against unwanted disclosure
the
:::
delay is inevitable. Even data transmission at the speed of of sensitive data to adversaries than other relevant studies as
light has delays and is not instantaneous. This delay can be mentioned above [57], [58], [35]. From another point of view, we
measured through precise instruments. Accordingly, latency plays can consider it as an effective supporter of the existing security
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021
mechanism. In short, if malicious activity is searching for a way to
find originated sensitive data while the security mechanism of the
ecology cannot hinder it effectively, our solution can support it.
In brief, though “CAPPAD” enhances privacy-preserving degree
and latency, is has poor performance in computational cost
overhead and complexity overhead :it:::: has ::::::
poorer :::::::::::
computational
cost and complexity performance than current studies.
:::::::::::::::::::::::::::
a) Limitations:
:::::::::
Although “CAPPAD” has superior
:::::::::::::::::::::::::::::::
performance from several evaluation metrics, it suffers from
::::::::::::::::::::::::::::::::::::::::::::::::::
several weak points that future researchers can improve.
::::::::::::::::::::::::::::::::::::::::::::::
• It suffers from single-point failure. In the “CAPPAD”
::::::::::::::::::::::::::::::::::::::::::::::
environment, the controller is a critical component that
::::::::::::::::::::::::::::::::::::::::::::::
manages the AVs and traffic flows. If the controller fails,
::::::::::::::::::::::::::::::::::::::::::::::
it can lead to a complete network outage. Therefore, the
::::::::::::::::::::::::::::::::::::::::::::::
controller represents a single point of failure (SPOF).
::::::::::::::::::::::::::::::::::::::::::::::
Redundancy and failover mechanisms can be implemented
::::::::::::::::::::::::::::::::::::::::::::::
to address the SPOF challenge in SDN.
::::::::::::::::::::::::::::::::
• “ CAPPAD” suffers from a lack of smartness. In order
::::::::::::::::::::::::::::::::::::::::::::::
to reduce this, it can be enriched with Machine Learning
::::::::::::::::::::::::::::::::::::::::::::::
(ML) algorithms. Therefore, it can be more context-aware.
::::::::::::::::::::::::::::::::::::::::::::::
ML can be applied in several parts of “CAPPAD”, including
::::::::::::::::::::::::::::::::::::::::::::::
SDN replacement, privacy-preservation selection, and best
::::::::::::::::::::::::::::::::::::::::::::::
distribution selection in Differential Privacy.
::::::::::::::::::::::::::::::::::::
VII. C ONCLUSION AND F UTURE WORK
AVs are among the emerging IoT products which are trans-
forming the transportation sector. AVs should share information
with other vehicles and RSUs in order to be able to make
high-level decisions. For instance, in emergencies such as garage
time that may result in unwanted accidents, they must share
their sensitive information to make high-level decisions and
escape from a possible accident. In this paperarticle, a context-
::::
aware privacy-preserving scheme for AVs named “CAPPAD” has
been proposed to preserve the privacy of AVsand reduce the
amount of AVs’ privacy and reduce unwanted accidents. In the
::::::::::::::::::::
proposed system, the AVs are connected to an SDN controller
through different RSUs and send their information to the cloud
computing environment for further analysis. The SDN-based
monitoring algorithm selects a privacy-preserving method based
on the context of AVs’ shared information and environment. To
show its superior performance, we evaluated “CAPPAD” from
several aspects. . We have found that “CAPPAD” obtains better
::::::::::::::::::::::::::::::::::::
performance in terms of privacy-preserving degree and latency
::::::::::::::::::::::::::::::::::::::::::::::::::
than some current studies in different situations. However, it
::::::::::::::::::::::::::::::::::::::::::::::::::
imposes a maximum 15% overhead, which is better than a
::::::::::::::::::::::::::::::::::::::::::::::::::
current study but worse than some other studies mentioned
::::::::::::::::::::::::::::::::::::::::::::::::::
in the article’s body. In general, by applying “CAPPAD”, AV
::::::::::::::::::::::::::::::::::::::::::::::::::
privacy with lower latency can be obtained, but it imposes
::::::::::::::::::::::::::::::::::::::::::::::::::
more overhead on the AV ecology. One of our future works is
::::::::::::::::::::::::::::
facilitating “CAPPAD” with ML to make decisions more wisely
, such as :: by :considering the situation of the neighboring AVs.
Moreover, since the paper paves the path for researchers, more
investigation is needed to find Another future work we aim to
:::::::::::::::::::::::::
perform is finding
::::::::::::::::::
the best values for the mentioned parameters
parameters mentioned using Deep Learning. We also have a plan
::::::::::::::::::::::::::::::::::::::::::::::::::
to investigate the “CAPPAD” solution from a latency point of
::::::::::::::::::::::::::::::::::::::::::::::::::
view in different situations, like when there are several SDN
::::::::::::::::::::::::::::::::::::::::::::::::::
controllers
:::::::::::::
in use. Finding the best values through several possible
approaches such as Machine Learning are considered to be as
future work.
VIII. DATA AVAILABILITY
The used data has been declared in the paper body.
IX. C ONFLICT OF I NTEREST
There is no Conflict of Interest for this study.
8
R EFERENCES
[1] S. Kuutti, S. Fallah, K. Katsaros, M. Dianati, F. Mccullough, and
A. Mouzakitis, “A survey of the state-of-the-art localization tech-
niques and their potentials for autonomous vehicle applications,”
IEEE Internet of Things Journal, vol. 5, no. 2, pp. 829–846, 2018.
[2] H. Banzhaf, D. Nienhüser, S. Knoop, and J. M. Zöllner, “The future
of parking: A survey on automated valet parking with an outlook on
high density parking,” in 2017 IEEE Intelligent Vehicles Symposium
(IV). IEEE, 2017, pp. 1827–1834.
[3] R. Hussain and S. Zeadally, “Autonomous cars: Research results,
issues, and future challenges,” IEEE Communications Surveys &
Tutorials, vol. 21, no. 2, pp. 1275–1313, 2018.
[4] M. Gheisari, E. Shojaeian, A. Javadpour, A. Jalili, H. Esmaeili-
Najafabadi, B. S. Bigham, A. A. Vorobeva, Y. Liu, and M. Rezaei,
“An agile privacy-preservation solution for IoT-based smart city
using different distributions,” IEEE Open Journal of Vehicular
Technology, vol. 4, pp. 356–362, 2023.
[5] A. B. T. Sherif, K. Rabieh, M. M. E. A. Mahmoud, and X. Liang,
“Privacy-preserving ride sharing scheme for autonomous vehicles
in big data era,” IEEE Internet of Things Journal, vol. 4, no. 2, pp.
611–618, April 2017.
[6] S. Karnouskos and F. Kerschbaum, “Privacy and integrity consider-
ations in hyperconnected autonomous vehicles,” Proceedings of the
IEEE, vol. 106, no. 1, pp. 160–170, 2018.
[7] S. Kannan, G. Dhiman, Y. Natarajan, A. Sharma, S. N. Mohanty,
M. Soni, U. Easwaran, H. Ghorbani, A. Asheralieva, and M. Gheis-
ari, “Ubiquitous vehicular ad-hoc network computing using deep
neural network with IoT-based bat agents for traffic management,”
Electronics, vol. 10, no. 7, p. 785, mar 2021.
[8] M. Gheisari, A. A. Abbasi, Z. Sayari, Q. Rizvi, A. Asheralieva,
S. Banu, F. M. Awaysheh, S. B. H. Shah, and K. A. Raza, “A survey
on clustering algorithms in wireless sensor networks: Challenges,
research, and trends,” in 2020 International Computer Symposium
(ICS). IEEE, dec 2020.
[9] G. De La Torre, P. Rad, and K.-K. R. Choo, “Driverless vehicle
security: Challenges and future research opportunities,” Future
Generation Computer Systems, 2018.
[10] S. Ansari, J. Ahmad, S. A. Shah, A. Bashir, T. Boutaleb, and
S. Sinanovic, “Chaos-based privacy preserving vehicle safety proto-
col for 5g connected autonomous vehicle networks,” Trans. Emerg.
Telecommun. Technol., vol. 31, 2020.
[11] S. Ogundoyin, “An autonomous lightweight conditional privacy-
preserving authentication scheme with provable security for ve-
hicular ad-hoc networks,” International Journal of Computers and
Applications, vol. 42, pp. 196 – 211, 2020.
[12] O. A. Maghraoui, R. Vosooghi, A. Mourad, J. Kamel, J. Puchinger,
F. Vallet, and B. Yannou, “Shared autonomous vehicle services and
user taste variations: Survey and model applications,” Transporta-
tion research procedia, vol. 47, pp. 3–10, 2020.
[13] L. Wan, L. Sun, K. Liu, X. Wang, Q. Lin, and T. Zhu, “Autonomous
vehicle source enumeration exploiting non-cooperative uav in soft-
ware defined internet of vehicles,” IEEE Transactions on Intelligent
Transportation Systems, vol. 22, pp. 3603–3615, 2021.
[14] F. K. et al, “Internet of medical things privacy and security:
Challenges, solutions, and future trends from a new perspective,”
Sustainability, vol. 15, no. 4, p. 3317, feb 2023.
[15] M. Mangla, S. Deokar, R. Akhare, and M. Gheisari, “A proposed
framework for autonomic resource management in cloud computing
environment,” in Autonomic Computing in Cloud Resource Manage-
ment in Industry 4.0. Springer, 2021, pp. 177–193.
[16] Y. Liu, J. Luo, Y. Yang, X. Wang, M. Gheisari, and F. Luo,
“Shrewdattack: Low cost high accuracy model extraction,”
Entropy, vol. 25, no. 2, 2023. [Online]. Available: https:
//www.mdpi.com/1099-4300/25/2/282
[17] M. Gheisari, A. Javadpour, J. Gao, A. A. Abbasi, Q.-V. Pham, and
Y. Liu, “PPDMIT: a lightweight architecture for privacy-preserving
data aggregation in the internet of things,” Journal of Ambient
Intelligence and Humanized Computing, vol. 14, no. 5, pp. 5211–
5223, jun 2022.
[18] R. R. Fontes, S. Afzal, S. H. B. Brito, M. A. S. Santos, and C. E.
Rothenberg, “Mininet-wifi: Emulating software-defined wireless
networks,” in 2015 11th International Conference on Network and
Service Management (CNSM), 2015, pp. 384–389.
[19] R. D. R. Fontes, C. Campolo, C. E. Rothenberg, and A. Molinaro,
“From theory to experimental evaluation: Resource management
JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2021
in software-defined vehicular networks,” IEEE Access, vol. 5, pp.
3069–3076, 2017.
[20] K. Kalkan and S. Zeadally, “Securing internet of things (iot)
with software defined networking (sdn),” IEEE Communications
Magazine, no. 99, pp. 1–7, 2017.
[21] A. J. Moshayedi, A. S. Roy, A. Taravet, L. Liao, J. Wu, and
M. Gheisari, “A secure traffic police remote sensing approach via
a deep learning-based low-altitude vehicle speed detector through
uavs in smart cites: Algorithm, implementation and evaluation,”
Future Transportation, vol. 3, no. 1, pp. 189–209, 2023.
[22] C. Dwork and A. Roth, “The algorithmic foundations of differential
privacy,” Found. Trends Theor. Comput. Sci., vol. 9, pp. 211–407,
2014.
[23] X. Yang, T. Wang, X. Ren, and W. Yu, “Survey on improving data
utility in differentially private sequential data publishing,” IEEE
Transactions on Big Data, pp. 1–1, 2017.
[24] J. Abowd, “The u.s. census bureau adopts differential privacy,”
Proceedings of the 24th ACM SIGKDD International Conference on
Knowledge Discovery & Data Mining, 2018.
[25] S. Garg, K. Kaur, G. Kaddoum, S. H. Ahmed, and D. N. K.
Jayakody, “Sdn-based secure and privacy-preserving scheme for
vehicular networks: A 5g perspective,” IEEE Transactions on
Vehicular Technology, vol. 68, no. 9, pp. 8421–8434, 2019.
[26] T. Zhang and Q. Zhu, “Distributed privacy-preserving collaborative
intrusion detection systems for vanets,” IEEE Transactions on Signal
and Information Processing over Networks, vol. 4, no. 1, pp. 148–161,
2018.
[27] M. Hadian, T. Altuwaiyan, and X. Liang, “Privacy-preserving time-
sharing services for autonomous vehicles,” in Vehicular Technology
Conference (VTC-Fall), 2017 IEEE 86th. IEEE, 2017, pp. 1–5.
[28] M. Gheisari, G. Wang, W. Z. Khan, and C. Fernández-
Campusano, “A context-aware privacy-preserving method for
iot-based smart city using software defined networking,” Computers
& Security, vol. 87, p. 101470, 2019. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/S0167404818313336
[29] P. Hu, H. Ning, T. Qiu, H. Song, Y. Wang, and X. Yao, “Security
and privacy preservation scheme of face identification and resolution
framework using fog computing in internet of things,” IEEE Internet
of Things Journal, vol. 4, no. 5, pp. 1143–1155, oct 2017.
[30] P. Singh, M. Masud, M. S. Hossain, and A. Kaur, “Blockchain
and homomorphic encryption-based privacy-preserving data aggre-
gation model in smart grid,” Computers & Electrical Engineering,
vol. 93, p. 107209, 2021.
[31] J. S. Vaidya and C. Clifton, “Privacy preserving data mining over
vertically partitioned data,” USA, 2004, aAI3154746.
[32] L. Sweeney, “k-anonymity: A model for protecting privacy,” In-
ternational Journal of Uncertainty, Fuzziness and Knowledge-Based
Systems, vol. 10, no. 05, pp. 557–570, 2002.
[33] M. Gheisari, G. wang, and S. Chen, “An edge computing-enhanced
iot architecture for privacy-preserving in smart city,” Computer and
electrical engineering, vol. 6, pp. 77 265–77 271, 2019.
[34] M. Gheisari, Q. Pham, M. Alazab, X. Zhang, C. Fernández-
Campusano, and G. Srivastava, “Eca: An edge computing architec-
ture for privacy-preserving in iot-based smart city,” IEEE Access,
vol. 7, pp. 155 779–155 786, 2019.
[35] M. Gheisari, G. Wang, and S. Chen, “An edge computing-enhanced
internet of things framework for privacy-preserving in smart city,”
Computers & Electrical Engineering, vol. 81, p. 106504, 2020.
[36] V. Atluri, Data and Applications Security XXII: 22nd Annual IFIP
WG 11.3 Working Conference on Data and Applications Security
London, UK, July 13-16, 2008, Proceedings. Springer, 2008, vol.
5094.
[37] N. Kökciyan, M. Erdogan, T. H. S. Meral, and P. Yolum, “Privacy-
preserving intersection management for autonomous vehicles,” Age,
vol. 11, no. 65, pp. 1–0, 2018.
[38] K. Kockelman, L. Loftus-Otway, D. Stewart, A. Nichols, W. Wagner,
S. Boyles, M. W. Levin, J. Liu, K. A. Perrine, S. Kilgore et al., “Best
practices for modifying transportation design, planning, and project
evaluation in texas.” Tech. Rep., 2017.
[39] M. Fröhle, K. Granström, and H. Wymeersch, “Multiple target
tracking with uncertain sensor state applied to autonomous vehicle
data,” 2018 IEEE Statistical Signal Processing Workshop (SSP), pp.
628–632, 2018.
[40] G. Ferri, A. Munafò, and K. D. LePage, “An autonomous underwa-
ter vehicle data-driven control strategy for target tracking,” IEEE
Journal of Oceanic Engineering, vol. 43, pp. 323–343, 2018.
9
[41] A. Best, S. Narang, L. Pasqualin, D. J. Barber, and D. Manocha,
“Autonovi-sim: Autonomous vehicle simulation platform with
weather, sensing, and traffic control,” 2018 IEEE/CVF Conference
on Computer Vision and Pattern Recognition Workshops (CVPRW),
pp. 1161–11 618, 2018.
[42] J. Yuan, Z. Wang, C. Xu, H. Li, S. Dai, and H. Liu, “Multi-vehicle
group-aware data protection model based on differential privacy
for autonomous sensor networks,” IET Circuits, Devices & Systems,
2022.
[43] R. C. J. Neto, P. Mérindol, and F. Théoleyre, “Data aggregation
for privacy protection of data streams between autonomous iot net-
works,” 2021 IEEE Symposium on Computers and Communications
(ISCC), pp. 1–6, 2021.
[44] Y. Liu, L. Lin, L. Jiang, W. Zhang, X. Wang, M. Gheisari,
T. Gong, C. Gao, and H. E. Najafabadi, “A blockchain-based
privacy-preserving advertising attribution architecture: Require-
ments, design, and a prototype implementation,” Software: Practice
and Experience, vol. n/a, no. n/a.
[45] A. Bkakria, A. Tasidou, N. Cuppens-Boulahia, F. Cuppens, F. Bouat-
tour, and F. Ben Fredj, “Optimal distribution of privacy budget in
differential privacy,” in Risks and Security of Internet and Systems,
A. Zemmari, M. Mosbah, N. Cuppens-Boulahia, and F. Cuppens,
Eds., 2019.
[46] A. A. Movassagh, J. A. Alzubi, M. Gheisari, M. Rahimi, S. Mohan,
A. A. Abbasi, and N. Nabipour, “Artificial neural networks training
algorithm integrating invasive weed optimization with differential
evolutionary model,” Journal of Ambient Intelligence and Humanized
Computing, vol. 14, no. 5, pp. 6017–6025, mar 2021.
[47] R. dos Reis Fontes, S. Afzal, S. H. B. Brito, M. A. S. Santos,
and C. E. Rothenberg, “Mininet-wifi: Emulating software-defined
wireless networks,” 2015 11th International Conference on Network
and Service Management (CNSM), pp. 384–389, 2015.
[48] M. Abdollahi, W. Ni, M. Abolhasan, and S. Li, “Software-defined
networking-based adaptive routing for multi-hop multi-frequency
wireless mesh,” IEEE Transactions on Vehicular Technology, vol. 70,
pp. 13 073–13 086, 2021.
[49] R. Mendes and J. P. Vilela, “Privacy-preserving data mining:
Methods, metrics, and applications,” IEEE Access, vol. 5, pp. 10 562–
10 582, 2017.
[50] S. Garg, K. Kaur, G. Kaddoum, S. H. Ahmed, and D. N. K.
Jayakody, “Sdn-based secure and privacy-preserving scheme for
vehicular networks: A 5g perspective,” IEEE Transactions on
Vehicular Technology, vol. 68, no. 9, pp. 8421–8434, Sep. 2019.
[51] A. J. e. a. Moshayedi, “A secure traffic police remote sensing
approach via a deep learning-based low-altitude vehicle speed
detector through uavs in smart cites: Algorithm, implementation
and evaluation,” Future Transportation, vol. 3, no. 1, pp. 189–209,
2023.
[52] A. Pavlo, G. Angulo, J. Arulraj, H. Lin, J. Lin, L. Ma, P. Menon,
T. C. Mowry, M. Perron, I. Quah et al., “Self-driving database
management systems.” in CIDR, 2017.
[53] M. Gheisari, H. E. Najafabadi, J. A. Alzubi, J. Gao, G. Wang, A. A.
Abbasi, and A. Castiglione, “Obpp: An ontology-based framework
for privacy-preserving in iot-based smart city,” Future Generation
Computer Systems, vol. 123, pp. 1–13, 2021.
[54] M. Gheisari, G. Wang, W. Z. Khan, and C. Fernández-Campusano,
“A context-aware privacy-preserving method for IoT-based smart
city using software defined networking,” Computers & Security,
vol. 87, p. 101470, nov 2019.
[55] A. Khadka, P. Karypidis, A. Lytos, and G. Efstathopoulos,
“A benchmarking framework for cyber-attacks on autonomous
vehicles,” Transportation Research Procedia, vol. 52, pp. 323–
330, 2021, 23rd EURO Working Group on Transportation
Meeting, EWGT 2020, 16-18 September 2020, Paphos, Cyprus.
[Online]. Available: https://www.sciencedirect.com/science/article/
pii/S2352146521000703
[56] e. a. J Alzubi, “A dynamic sdn-based privacy-preserving approach
for smart city using trust technique,” in 9th Iranian Joint Congress
on Fuzzy and Intelligent Systems, 2022.
[57] M. Gheisari, G. Wang, and S. Chen, “Iot-sdnpp: A method for
privacy-preserving in iot-based smart city with software defined
networking,” in 18th International Conference on Algorithms and
Architectures for Parallel Processing. Springer, Nov. 2018.
[58] C. Gonzalez, S. M. Charfadine, O. Flauzac, and F. Nolot, “Sdn-based
security framework for the iot in distributed grid,” in Computer and
Energy Science (SpliTech), International Multidisciplinary Conference
on. IEEE, 2016, pp. 1–5.