A blockchain framework for transportation systems
Traditionally, personal travel data were solicited via small-scale surveys (1-5% sample), and governments took responsibility for securing the personal information before releasing it to the public. Nowadays mobile phones, cellphone towers, Wi-Fi hotspots, transit counters, traffic sensors, and automatic toll payment systems, among others, can passively solicit detailed travel data of the urban population. Processing and analyzing passively as well as actively solicited data has the potential to help governments and researchers better understand human mobility for designing fast, reliable and secure transportation systems. To fully exploit the potential of passively solicited large-scale data, privacy and security challenges need to be addressed. Passively solicited data include sensitive personal information like GPS logs or trip and activity habits, so guarding people's privacy and securing their information from untrusted parties is of utmost importance.
Cyber-security breaches occur all around the globe, and transportation systems are no exception. In 2015 a group of civic hackers deciphered and exposed the unstandardized bus location system of Baltimore. In 2016 the San Francisco transit system was hacked, giving commuters free access for two days; in the same year, information on 57 million Uber customers and drivers was leaked. In 2018 the Ontario Metrolinx server was attacked. Blockchain technology can be used to protect individuals' personal travel information and guard their privacy, as this technology is difficult to tamper with and transactions are secure and transparent to all parties, including the individuals who generated the data. Figure 1 (https://www.dropbox.com/s/j4fsyyx891jir89/diagram.pdf) shows the proposed private blockchain for transportation systems, where all the nodes are known. The nodes in the network are:
(a) Private companies such as cellphone providers and hotspot owners, who can share logs of the devices connected to their receivers. This information is used by researchers or governments to measure traffic or to identify desired usage patterns of the transportation system.
(b) State agencies at all levels (regional, municipal, state and so on). These agencies collect information on tolls, traffic, surveys, parking, and property taxes, among others.
(c) Universities, which collect research data (e.g. stated preference surveys) that may be useful to other members of the network.
The biggest data source for transportation systems is individuals and their cellphones. Every day, individuals generate huge amounts of data that are passively or actively solicited by companies or governments, and during collection and storage their privacy can be compromised by an attack or by unwanted sharing with a third party. The proposed blockchain can protect users by making them the owners and controllers of their own information. Each user has a unique private key to access their own information, and the only way for third parties to access users' information is via smart contracts. A user has different smart contracts in which they select which information they are willing to share and with which nodes in the network. For instance, a user may want to share anonymous GPS data with a university and share their name, address and phone number with a cellphone service provider. All users must have access to the parts of the ledger that contain their data. This way they can control where their information is and can detect an unwanted share with third parties. An analogous description of the user private keys and smart contracts can be applied to the information collected by the nodes in the network.
The main goal of the proposed transportation system blockchain is to protect personal travel information and secure people's privacy in order to fully exploit the benefits of passively solicited data. Hence, four groups of adversaries are identified whose attacks can be prevented or hindered by the use of the blockchain. The groups are (see Figure 2, https://www.dropbox.com/s/8wt63lh933du0z4/adversaries.pdf):
Adversary 1: Data interception: The personal information transferred to the blockchain is secured by a personal key and can only be opened if the receiver has the key, so attacking a single user may not be worth the effort required to decrypt the data.
Adversary 2: Data leaks: All the personal information is decentralized and protected by keys, so a massive leak of information would require huge amounts of power to decrypt each key and to retrieve information from all the parts of the network.
Adversary 3: Unsolicited share of information to third parties: Each user has access to the parts of the ledger where their information appears, so they can easily verify all the transactions involving their information.
Adversary 4: Unsolicited request of information: Individual smart contracts let the user decide the information they want to share with specific nodes.
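The per-user smart contracts and the user's own view of the ledger (Adversaries 3 and 4 above), as an added example that is not code from the talk or from CarbonCount. It assumes a hash-chained ledger and models a smart contract as a set of fields granted to one node; the names user1, university, cell_provider, ad_broker and gps_anonymous are constructed.

```python
import hashlib, json

GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Toy append-only, hash-chained log of sharing transactions (assumed design)."""
    def __init__(self):
        self.blocks = []
    def append(self, owner, recipient, fields):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"owner": owner, "recipient": recipient,
                "fields": sorted(fields), "prev": prev}
        self.blocks.append({**body, "hash": _digest(body)})
    def verify_chain(self):
        # Any edit to an earlier entry breaks its hash or the next "prev" link.
        prev = GENESIS
        for b in self.blocks:
            body = {k: b[k] for k in ("owner", "recipient", "fields", "prev")}
            if b["prev"] != prev or b["hash"] != _digest(body):
                return False
            prev = b["hash"]
        return True

def allowed(contracts, owner, recipient):
    return contracts.get(owner, {}).get(recipient, set())

def request_data(ledger, contracts, owner, recipient, fields):
    """Unsolicited request: release only fields the owner's contract grants this node."""
    if not set(fields) <= allowed(contracts, owner, recipient):
        return False
    ledger.append(owner, recipient, fields)
    return True

def audit(ledger, contracts, owner):
    """Unsolicited share: the owner lists their entries that no contract covers."""
    return [b for b in ledger.blocks if b["owner"] == owner
            and not set(b["fields"]) <= allowed(contracts, owner, b["recipient"])]

def demo():
    # Constructed sample data mirroring the sharing choices described in the text.
    contracts = {"user1": {"university": {"gps_anonymous"},
                           "cell_provider": {"name", "address", "phone"}}}
    ledger = Ledger()
    ok = request_data(ledger, contracts, "user1", "university", ["gps_anonymous"])
    denied = request_data(ledger, contracts, "user1", "university", ["name"])
    ledger.append("user1", "ad_broker", ["gps_anonymous"])  # share outside any contract
    flagged = [b["recipient"] for b in audit(ledger, contracts, "user1")]
    return ok, denied, flagged, ledger.verify_chain()
```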
A test case is implemented for the CarbonCount application, which collects mobile sensor data (GPS, speed, direction and MAC address) from residents and shares it with the Markham government and Ryerson University. The goal of CarbonCount is to convince users to shift from the car to a cleaner mode to reduce their carbon emissions. Sensitive information like GPS logs, trip habits and work/home location is shared with Markham and Ryerson, so the proposed blockchain is of great importance to protect the privacy of the participants and to secure their information.
This is joint work with David Lopez (Ryerson University).