Geocast into the Past: Towards a Privacy-Preserving Spatiotemporal Multicast for Cellular Networks

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original paper on arXiv.

This article introduces the novel concept of Spatiotemporal Multicast (STM): the problem of delivering a message to mobile devices that resided in a specific area during a certain time span in the past. A wide variety of applications can be envisioned for this concept, including crime investigation, disease control, and social applications. An important aspect of these applications is the need to protect the privacy of their users. In this article, we present an extensive overview of applications and objectives to be fulfilled by an STM service. Furthermore, we propose a first Cluster-based Spatiotemporal Multicast (CSTM) approach and provide a detailed discussion of its privacy features. Finally, we evaluate the performance of our scheme in a large-scale simulation setup.


💡 Research Summary

The paper introduces the concept of Spatiotemporal Multicast (STM), which aims to deliver a message exclusively to mobile devices that were present in a specific geographic area during a defined time interval in the past. This capability opens up a range of applications such as locating witnesses of a crime, notifying potential carriers of an infectious disease, or enabling social interactions based on past encounters. Because the very act of receiving such a message can reveal sensitive information about a user’s past whereabouts, the authors place strong emphasis on privacy protection.

After outlining functional (long‑term support, high delivery ratio, fine spatial‑temporal precision) and non‑functional (low latency, computational/communication efficiency, scalability, robustness) requirements, they derive five privacy‑security objectives: anonymity, location privacy, co‑location privacy, absence privacy, and data confidentiality.

To satisfy these goals, the authors propose a Cluster‑based Spatiotemporal Multicast (CSTM) scheme that relies on three main entities:

  1. Token Planning Server (TPS) – a trusted authority that knows the cellular layout and generates per‑cell, per‑hierarchy‑level random seeds. These seeds are securely transferred to the base stations (eNBs) using TLS.

  2. Base Stations (eNBs) – at regular time slots each eNB creates a token τ₍c,t₎ containing a set of symmetric keys K₍c,t,l₎, one for each hierarchy level l. The token is broadcast to every UE currently in cell c. The hierarchy defines different time‑slot lengths (tₛˡ) and validity windows (tᵥˡ) per level; higher levels aggregate larger spatial‑temporal regions and are the levels used as a token ages.

  3. Rendezvous Points (RPs) – a distributed set of mail‑box‑like servers that store encrypted STM messages (st‑datagrams). For each key K the TPS computes a region identifier r_K = h(K) and an RP identifier r_pK = h(r_K). The RP responsible for a message is selected by reducing r_pK modulo the known number of RPs and resolving the resulting index to an address via DNS. The RP stores the encrypted datagram indexed by r_K.

Message flow:

  • A sender specifies a target spatiotemporal region and sends the plaintext to the TPS.
  • The TPS determines which cells overlap the region, reconstructs the appropriate tokens using the stored seeds, selects the currently valid hierarchy level, encrypts the message with the corresponding key K, and forwards the ciphertext together with r_K to the appropriate RP(s).
  • Each UE keeps a local list of received tokens. At regular polling intervals it selects, for each token, the key belonging to the level whose validity window matches the elapsed time since token reception. It then derives r_K and r_pK, contacts the corresponding RP, and asks for any datagram indexed by r_K.
  • The RP returns all matching ciphertexts; the UE decrypts them with K. All communications (UE↔RP, TPS↔RP, sender↔TPS) are protected by TLS.
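As an added illustration (not code from the paper), the following Python simulates the CSTM flow just described end to end: eNB token derivation per hierarchy level, the r_K / r_pK identifiers, RP mailboxes, TPS deposition and the UE's level selection by elapsed time, and it goes on to show the precision trade-off of a higher level. The hierarchy parameters, the cluster mapping (cell id integer-divided by a per-level cluster size), the HMAC seed derivation, the SHA-256 stand-in cipher and the in-memory RPs are all assumptions; the paper does not specify them.

```python
import hashlib
import hmac

# Constructed CSTM parameters (assumptions for this example, not values from the paper)
TS = [60, 600, 3600]      # time-slot length t_s^l per hierarchy level l (seconds)
TV = [600, 3600, 86400]   # validity window t_v^l: level l is used while elapsed < TV[l]
CLUSTER = [1, 8, 64]      # cells aggregated into one spatial cluster at level l
N_RP = 16                 # number of Rendezvous Points, assumed known to TPS and UEs
MASTER = b"demo-master-seed"          # TPS secret from which per-cluster, per-level seeds derive
RPS = [dict() for _ in range(N_RP)]   # each RP is a mailbox keyed by r_K

def H(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()
def tps_key(cell, t, level):
    # Key K_{c,t,l}: seed of the cluster containing c at level l, keyed with the slot index of t
    cluster, slot = cell // CLUSTER[level], t // TS[level]
    seed = hmac.new(MASTER, b"%d:%d" % (cluster, level), "sha256").digest()
    return hmac.new(seed, b"%d" % slot, "sha256").digest()
def enb_token(cell, t):
    # Token tau_{c,t}: the set of level keys an eNB broadcasts to every UE in cell c at time t
    return {l: tps_key(cell, t, l) for l in range(len(TS))}
def level_for(elapsed):
    # Smallest level whose validity window still covers the elapsed time (None once all expired)
    return next((l for l, tv in enumerate(TV) if elapsed < tv), None)
def ids(K):
    r_K, r_pK = H(K), H(H(K))   # region identifier r_K = h(K); RP identifier r_pK = h(r_K)
    return r_K, int.from_bytes(r_pK, "big") % N_RP   # mailbox index and RP index (r_pK mod N_RP)
def xcrypt(K, data):
    # Stand-in symmetric cipher (SHA-256 counter keystream XOR); the paper fixes no cipher
    stream = b"".join(H(K, b"%d" % i) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def deposit(cells, t_target, now, msg):
    # Sender -> TPS: pick the level for the message age, encrypt per target cell, store at the RP
    level = level_for(now - t_target)
    for cell in (cells if level is not None else []):
        K = tps_key(cell, t_target, level)
        r_K, idx = ids(K)
        RPS[idx].setdefault(r_K, []).append(xcrypt(K, msg))

def poll(tokens, now):
    # UE: for each stored (t_received, token) pick the level key, query its RP by r_K, decrypt
    out = []
    for t_recv, tok in tokens:
        level = level_for(now - t_recv)
        if level is not None:
            K = tok[level]
            r_K, idx = ids(K)
            out += [xcrypt(K, ct) for ct in RPS[idx].get(r_K, [])]
    return out
```

Polling at level 1 also delivers the message to a UE that was in a neighbouring cell of the same 8-cell cluster, which is the delivery-precision cost the hierarchy trades for fewer polls.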

The token hierarchy is the key scalability mechanism. By aggregating keys over larger spatial clusters and longer time slots at higher levels, the number of polling messages per UE drops dramatically, at the cost of reduced delivery precision (some UEs outside the exact target region may receive the message). This trade‑off also provides a form of k‑anonymity, obscuring individual movement traces.

Privacy analysis considers four attacker capabilities: passive eavesdropping, compromised UE, compromised RP, and compromised eNB. The design ensures that:

  • An attacker cannot link a received ciphertext to a specific user (anonymity) because only the intended UE holds the correct key.
  • Location and co‑location are hidden because only hashed identifiers derived from the keys are sent to RPs; the RP never sees the raw key or the actual region.
  • Absence privacy is preserved because a UE that did not receive a message simply receives no response; the attacker cannot infer non‑presence.
  • Data confidentiality is guaranteed by encrypting the message with a key known only to UEs that have the matching token.

Performance evaluation (large‑scale simulation with thousands of cells and tens of thousands of UEs) shows that:

  • Using three hierarchy levels reduces polling traffic by about 70 % while maintaining >90 % delivery success.
  • Average delivery latency stays within the validity window of the used level (typically a few minutes).
  • RP load is evenly balanced thanks to the hash‑based deterministic mapping of region identifiers to RP indices.
  • The scheme scales linearly with the number of senders and messages; the bottleneck is the TPS during message deposition, which can be mitigated by parallelizing token reconstruction.

In conclusion, the paper delivers the first concrete protocol for privacy‑preserving spatiotemporal multicast in cellular networks. By combining token‑based key distribution, hierarchical aggregation, and a distributed RP infrastructure, CSTM achieves a practical balance between delivery accuracy, communication overhead, and strong privacy guarantees. Open issues for future work include optimal hierarchy design, handling hash collisions, robustness against large‑scale RP failures, and real‑world deployment considerations such as integration with existing LTE/5G core networks.

