Buckinghamshire CC ANPR cameras
ben at liddicott.com
Tue Feb 7 18:44:35 GMT 2012
Perhaps worth reiterating that for anonymisation, the object is to have a
relatively high, fairly uniform, level of collisions.
There are 18million-ish cars on the road. That means that if we are using a
reasonable hash and masking to 24 bits, we have not performed any
anonymisation whatsoever. Masking to 18 bits will give us approximately
10-20 cars in each bucket, which is a bare minimum level of anonymisation at
a national level.
However most driving doesn't occur at a national level. In Bucks there will
(based on population) be around 250,000 to 300,000 cars registered.
To get basic anonymisation you really want to restrict the hash to 15,000 to
30,000 buckets, = 14 to 15 bits at the absolute outside.
(Also recall that the new numbering scheme is regional. So if you want to
play "where in the world is YY 01 ABC" (made up number) a good guess will
start with Yorkshire, for example. Anonymisation needs to take this into
Bucket size may need to be higher/hash length lower if journey information
can be combined with other information (such as a known start point,
probable "first sight" entrypoints into the ANPR system etc). If such
information is available to a malefactor you may struggle to justify more
than four or five bits as anonymous.
From: John Wilson
Sent: Sunday, February 05, 2012 2:00 PM
To: UK Cryptography Policy Discussion Group
Subject: Re: Buckinghamshire CC ANPR cameras
Rather to my surprise Bucks CC have given me the details of the
hashing scheme used by ANPR cameras which implement the UTMC protocol
(which is, I think, all of the civil and police ANPR cameras). This
was the result of an FoI request.
D 0 Q are replaced with O (Q isn't used in the current numbering scheme)
1 is replaced with I (I isn't used in the current numbering
5 is replaced with S
Y is replaced with V
8 and B are replaced with 3 (this may cause problems after 2030)
Z is replaced with 2
F is replaced with E
C is replaced with G
M N W are replaced with H
In the scheme used since 2002 replacing a number by a letter or a
letter by a number will not cause extra collisions.
The transformed plate number is then hashed with the one-at-a-time
hash function described here
The 32 bit result is reduced to 24 or 18 bits simply by masking.
This is described in the UTMC Technical Guide TR007.001b which, as far
as I can tell is not published on the UTMC site.
If anybody would like a copy of the document please contact me off list.
It would appear that the Highways Agency's statement that a large
prime number is used is untrue.
I'm going to be doing some experiments to see how well the function
does with some generated numberplate data.
More information about the ukcrypto