Skip to main content
Springer Nature Link
Log in

Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE

  • Conference paper
  • First Online:
Progress in Cryptology – INDOCRYPT 2021 (INDOCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13143))

Included in the following conference series:

Abstract

In a typical ride-hailing service, the service provider (RS) matches a customer (RC) with the closest vehicle (RV) registered to this service. Ride-hailing services have gained tremendous popularity over the past years, and several works have been proposed to ensure privacy of riders and drivers during ride-matching. TRACE is an efficient privacy-preserving ride-hailing service proposed by Wang et al. (IEEE Trans. Vehicular Technology 2018). TRACE uses masking along with other cryptographic techniques to ensure efficient and accurate ride-matching. RS computes a (secret) spatial division of a region into quadrants. The RS uses masked location information to match RCs and RVs within a quadrant without obtaining their exact locations, thus ensuring privacy. Additionally, an RC only gets to know location of the closest RV finally matched to it, and not of other responding RVs in the region.

In this work, we disprove the privacy claims in TRACE by showing the following: a) RCs and RVs can identify the secret spatial division maintained by RS (this reveals information about the density of RVs in the region and other potential trade secrets), and b) the RS can identify exact locations of RCs and RVs (this violates location privacy). Prior to exchanging encrypted messages in the TRACE protocol, each entity masks the plaintext message with a secret unknown to others. Our attack allows other entities to recover this plaintext from the masked value by exploiting shared randomness used across different messages, that eventually leads to a system of linear equations in the unknown plaintexts. This holds even when all the participating entities are honest-but-curious. We implement our attack and demonstrate its efficiency and high success rate. For the security parameters recommended for TRACE, an RV can recover the spatial division in less than a minute, and the RS can recover the location of an RV in less than a second on a commodity laptop.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The implementation can be accessed at https://github.com/deepakkavoor/rhs-attack/tree/trace-attack.

References

  1. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_30

    Chapter  Google Scholar 

  2. Eberly, W., Giesbrecht, M., Giorgi, P., Storjohann, A., Villard, G.: Solving sparse integer linear systems. CoRR abs/cs/0603082 (2006). http://arxiv.org/abs/cs/0603082

  3. EconomicTimes: Bengaluru techie arrested for data theft from Aadhaar website (2017). https://economictimes.indiatimes.com/small-biz/security-tech/security/ola-employee-arrested-for-data-theft-from-aadhaar-website/articleshow/59909079.cms?from=mdr. Accessed 17 June 2021

  4. Hurriyet Daily News: Istanbul taxi drivers hunt down, beat up Uber drivers as tensions rise (2018). https://www.hurriyetdailynews.com/istanbul-taxi-drivers-hunt-down-beat-up-uber-drivers-as-tensions-rise-128443. Accessed 17 June 2021

  5. Kumaraswamy, D., Murthy, S., Vivek, S.: Revisiting driver anonymity in oride. CoRR abs/2101.06419 (2021). https://arxiv.org/abs/2101.06419, to appear in SAC 2021

  6. Lu, R., Lin, X., Shen, X.: Spoc: a secure and privacy-preserving opportunistic computing framework for mobile-healthcare emergency. IEEE Trans. Parallel Distrib. Syst. 24(3), 614–624 (2013). https://doi.org/10.1109/TPDS.2012.146

    Article  Google Scholar 

  7. Luo, Y., Jia, X., Fu, S., Xu, M.: pRide: privacy-preserving ride matching over road networks for online ride-hailing service. IEEE Trans. Inf. Forensics Secur. 14(7), 1791–1802 (2019). https://doi.org/10.1109/TIFS.2018.2885282

  8. NortonLifeLock: Uber Announces New Data Breach Affecting 57 million Riders and Drivers (2020). https://us.norton.com/internetsecurity-emerging-threats-uber-breach-57-million.html. Accessed 17 June 2021

  9. Pew Research Center: More Americans Are Using Ride-Hailing Apps (2019). https://www.pewresearch.org/fact-tank/2019/01/04/more-americans-are-using-ride-hailing-apps/. Accessed 17 June 2021

  10. Pham, A., Dacosta, I., Endignoux, G., Troncoso-Pastoriza, J.R., Huguenin, K., Hubaux, J.: ORide: a privacy-preserving yet accountable ride-hailing service. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, 16–18 August 2017, pp. 1235–1252. USENIX Association (2017). https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/pham

  11. Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. PoPETs 2017(2), 38–56 (2017). https://doi.org/10.1515/popets-2017-0015

  12. Schneider, T., Treiber, A.: A comment on privacy-preserving scalar product protocols as proposed in SPOC. IEEE Trans. Parallel Distrib. Syst. 31(3), 543–546 (2020). https://doi.org/10.1109/TPDS.2019.2939313

    Article  Google Scholar 

  13. The Sage Developers: SageMath, the Sage Mathematics Software System (Version 9.0) (2021). https://www.sagemath.org

  14. Thejournal.ie: West Dublin gang using hailing apps to target older taxi drivers (2019). https://www.thejournal.ie/west-dublin-taxi-robbery-4420178-Jan2019/. Accessed 17 June 2021

  15. Vivek, S.: Attacks on a privacy-preserving publish-subscribe system and a ride-hailing service. CoRR abs/2105.04351 (2021). https://arxiv.org/abs/2105.04351, to appear in IMACC 2021

  16. Wang, F., et al.: Efficient and privacy-preserving dynamic spatial query scheme for ride-hailing services. IEEE Trans. Veh. Technol. 67(11), 11084–11097 (2018)

    Article  Google Scholar 

  17. Xie, H., Guo, Y., Jia, X.: A privacy-preserving online ride-hailing system without involving a third trusted server. IEEE Trans. Inf. Forensics Secur. 16, 3068–3081 (2021). https://doi.org/10.1109/TIFS.2021.3065832

    Article  Google Scholar 

  18. Yu, H., Jia, X., Zhang, H., Shu, J.: Efficient and privacy-preserving ride matching using exact road distance in online ride hailing services. IEEE Trans. Serv. Comput. 1 (2020). https://doi.org/10.1109/TSC.2020.3022875

  19. Yu, H., Shu, J., Jia, X., Zhang, H., Yu, X.: lpride: lightweight and privacy-preserving ride matching over road networks in online ride hailing systems. IEEE Trans. Veh. Technol. 68(11), 10418–10428 (2019). https://doi.org/10.1109/TVT.2019.2941761

  20. Zhao, Q., Zuo, C., Pellegrino, G., Lin, Z.: Geo-locating drivers: a study of sensitive data leakage in ride-hailing services. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, 24–27 February 2019. The Internet Society (2019). https://www.ndss-symposium.org/ndss-paper/geo-locating-drivers-a-study-of-sensitive-data-leakage-in-ride-hailing-services/

Download references

Acknowledgements

This work was partially funded by the Infosys Foundation Career Development Chair Professorship grant for Srinivas Vivek.

Author information

Authors and Affiliations

  1. National Institute of Technology Karnataka, Mangalore, India

    Deepak Kumaraswamy

  2. International Institute of Information Technology Bangalore, Bengaluru, India

    Srinivas Vivek

Authors
  1. Deepak Kumaraswamy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Srinivas Vivek
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Presidency University, Kolkata, India

    Avishek Adhikari

  2. University of Stuttgart, Stuttgart, Germany

    Ralf Küsters

  3. University of Leuven and imec, Leuven, Belgium

    Bart Preneel

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kumaraswamy, D., Vivek, S. (2021). Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE. In: Adhikari, A., Küsters, R., Preneel, B. (eds) Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021. Lecture Notes in Computer Science(), vol 13143. Springer, Cham. https://doi.org/10.1007/978-3-030-92518-5_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92518-5_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92517-8

  • Online ISBN: 978-3-030-92518-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics