🤖 AI Summary
To address privacy and security risks—including user re-identification, session linking, and sparse-area attacks—in geographic data crowdsourcing for Intelligent Transportation Systems (ITS), this paper proposes a PKI-based security architecture integrating ephemeral pseudonymous certificates. Our approach innovatively combines randomized key rotation with adaptive geospatial resolution control to achieve dual anonymity for users and devices. Leveraging the Locator/Identifier Separation Protocol (LISP) and H3 spatial indexing, we design a microservice-oriented overlay network. The architecture is systematically guided by a joint STRIDE/LINDDUN threat modeling framework. Prototype evaluation demonstrates that, while ensuring strong anonymity and robust surveillance resistance, the solution incurs ≤25% end-to-end latency overhead and ≤7% throughput degradation—confirming its practical deployability in real-world ITS environments.
📝 Abstract
A critical requirement for modern-day Intelligent Transportation Systems (ITS) is the ability to collect geo-referenced data from connected vehicles and mobile devices in a safe, secure and anonymous way. The Nexagon protocol, which builds on the IETF Locator/ID Separation Protocol (LISP) and the Hierarchical Hexagonal Clustering (H3) geo-spatial indexing system, offers a promising framework for dynamic, privacy-preserving data aggregation. Seeking to address the critical security and privacy vulnerabilities that persist in its current specification, we apply the STRIDE and LINDDUN threat modelling frameworks and prove, among other things, that the Nexagon protocol is susceptible to user re-identification, session linkage, and sparse-region attacks. To address these challenges, we propose an enhanced security architecture that combines public key infrastructure (PKI) with ephemeral pseudonym certificates. Our solution guarantees user and device anonymity through randomized key rotation and adaptive geospatial resolution, thereby effectively mitigating re-identification and surveillance risks in sparse environments. A prototype implementation over a microservice-based overlay network validates the approach and underscores its readiness for real-world deployment. Our results show that it is possible to achieve the required level of security without increasing latency by more than 25% or reducing throughput by more than 7%.