pRide: private ride request for online ride hailing service with secure hardware enclave

Research article. DOI: 10.1145/3326285.3329062
Published: 24 June 2019
ABSTRACT

Promising unprecedented convenience, Online Ride Hailing (ORH) services such as Uber and Didi have gained increasing popularity. Unlike traditional taxi services, this on-demand transportation service lets users request rides from online service providers with a tap on their phones. Despite this convenience, existing ORH systems require users to expose their locations when requesting rides, a severe privacy issue in the face of untrusted or compromised service providers. In this paper, we propose a private yet efficient ride request scheme that lets users enjoy public ORH service without sacrificing privacy. Unlike previous works, we consider a more practical setting in which the information about drivers and the road network is public. This poses an open challenge: achieving strong security and high efficiency at the same time for a secure ORH service. Our main tool for addressing this problem is a hardware-enforced Trusted Execution Environment, in particular the Intel SGX enclave. However, using a secure enclave does not yield an immediate solution, because of the hardware's inherent resource constraints and security limitations. To cope with the limited enclave memory, we first design an efficient ride-matching algorithm based on the hub-based labeling technique, which avoids loading the massive road network data into the enclave during online processing. To defend against side-channel attacks, we then make the ride-matching algorithm data-oblivious by augmenting it with oblivious label access and oblivious distance computation. The proposed solution provides the high efficiency of real-time response and the strong security guarantee of data-obliviousness. We implement a prototype of the proposed scheme and thoroughly evaluate it both theoretically and experimentally. The results show that the proposed scheme permits accurate, real-time ride matching with provable security.
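The abstract names two building blocks: hub labels, which answer shortest-distance queries from small per-vertex tables instead of the full road graph, and a data-oblivious matching loop whose memory accesses and timing do not depend on the rider's location. The C program below is an added illustration of both ideas, not the pRide implementation and not code from the paper. Everything in it is an assumption made for the example: the six-vertex road network and its hub labels, the fixed label size, the linear-scan label fetch used as the "oblivious label access", the branchless mask helpers, and the driver list. The paper's own label construction and oblivious primitives are not described on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy road network (an assumption for this example, not the paper's
 * data): undirected weighted edges 0-1 (2), 1-2 (3), 2-3 (1), 3-4 (4), 2-5 (2).
 * Hub labels are built by rooting this tree at vertex 2 and storing, for each
 * vertex, the distance to every ancestor including itself.  Every pair of
 * vertices then shares a hub on its shortest path (the cover property), so
 * d(u,v) = min over common hubs h of d(u,h) + d(h,v), with no graph in memory. */
#define NVERT     6
#define MAX_LABEL 3                       /* every label is padded to this size   */
#define INF       ((uint64_t)1 << 40)     /* "unreachable"; INF+INF cannot overflow */
#define NO_HUB    (~(uint64_t)0)          /* padding entry, never a real hub id   */

typedef struct { uint64_t hub, dist; } Entry;
typedef struct { Entry e[MAX_LABEL]; } Label;

static const Label LABELS[NVERT] = {
    {{{0, 0}, {1, 2},        {2, 5}}},
    {{{1, 0}, {2, 3},        {NO_HUB, INF}}},
    {{{2, 0}, {NO_HUB, INF}, {NO_HUB, INF}}},
    {{{3, 0}, {2, 1},        {NO_HUB, INF}}},
    {{{4, 0}, {3, 4},        {2, 5}}},
    {{{5, 0}, {2, 2},        {NO_HUB, INF}}},
};

/* Branchless helpers: all-ones or all-zeros masks, so that which value wins
 * never changes the instruction stream or the addresses touched. */
static inline uint64_t ct_eq_mask(uint64_t a, uint64_t b) {
    uint64_t x = a ^ b;                               /* zero iff a == b        */
    return ((x | ((uint64_t)0 - x)) >> 63) - 1;       /* ~0 if equal, else 0    */
}
static inline uint64_t ct_lt_mask(uint64_t a, uint64_t b) {
    return (uint64_t)0 - ((a - b) >> 63);             /* ~0 if a < b (a,b < 2^63) */
}
static inline uint64_t ct_select(uint64_t mask, uint64_t a, uint64_t b) {
    return (a & mask) | (b & ~mask);                  /* mask ? a : b           */
}

/* Oblivious label access: read every label in the table and keep the wanted
 * one with a mask, so the access pattern is identical for every vertex v.
 * (Assumed here as a stand-in for whatever pRide uses; cost is linear.) */
void oblivious_fetch_label(const Label *table, size_t n, uint64_t v, Label *out) {
    for (int k = 0; k < MAX_LABEL; k++) { out->e[k].hub = NO_HUB; out->e[k].dist = INF; }
    for (size_t i = 0; i < n; i++) {
        uint64_t m = ct_eq_mask((uint64_t)i, v);
        for (int k = 0; k < MAX_LABEL; k++) {
            out->e[k].hub  = ct_select(m, table[i].e[k].hub,  out->e[k].hub);
            out->e[k].dist = ct_select(m, table[i].e[k].dist, out->e[k].dist);
        }
    }
}

/* Oblivious distance: compare every entry of a against every entry of b,
 * regardless of which hubs match, and fold the minimum without branching.
 * Padding entries match each other but are masked out by the `real` test. */
uint64_t oblivious_distance(const Label *a, const Label *b) {
    uint64_t best = INF;
    for (int i = 0; i < MAX_LABEL; i++) {
        for (int j = 0; j < MAX_LABEL; j++) {
            uint64_t same = ct_eq_mask(a->e[i].hub, b->e[j].hub);
            uint64_t real = ~ct_eq_mask(a->e[i].hub, NO_HUB);
            uint64_t cand = ct_select(same & real, a->e[i].dist + b->e[j].dist, INF);
            best = ct_select(ct_lt_mask(cand, best), cand, best);
        }
    }
    return best;
}

uint64_t shortest_distance(uint64_t u, uint64_t v) {
    Label lu, lv;
    oblivious_fetch_label(LABELS, NVERT, u, &lu);
    oblivious_fetch_label(LABELS, NVERT, v, &lv);
    return oblivious_distance(&lu, &lv);
}

/* Ride matching: the rider's vertex is secret, driver vertices are public (as
 * in the paper's setting), so driver labels may be indexed directly.  Every
 * driver is scored and the running minimum is updated with masks, so the
 * loop does not reveal which driver wins.  Returns the index into drivers. */
size_t match_ride(uint64_t rider_vertex, const uint64_t *drivers, size_t ndrivers) {
    Label rl;
    oblivious_fetch_label(LABELS, NVERT, rider_vertex, &rl);
    uint64_t best_d = INF, best_i = 0;
    for (size_t i = 0; i < ndrivers; i++) {
        uint64_t d = oblivious_distance(&rl, &LABELS[drivers[i]]);
        uint64_t better = ct_lt_mask(d, best_d);
        best_d = ct_select(better, d, best_d);
        best_i = ct_select(better, (uint64_t)i, best_i);
    }
    return (size_t)best_i;
}

int main(void) {
    uint64_t drivers[] = {4, 5, 3};   /* constructed public driver positions */
    size_t best = match_ride(0, drivers, 3);
    printf("rider at vertex 0: driver index %zu at vertex %llu, distance %llu\n",
           best, (unsigned long long)drivers[best],
           (unsigned long long)shortest_distance(0, drivers[best]));
    return 0;
}
```

Two practical caveats. The masks only give obliviousness if the compiler keeps them branch-free; build with optimisation and inspect the object code (for example `objdump -d`) for conditional jumps inside `oblivious_distance` and `match_ride`, since a compiler is free to turn `ct_select` back into a `cmov` or a branch. And "same addresses touched" is argued at the granularity the attacker observes: the linear scan over `LABELS` is safe against page- and cache-line-level side channels because every line is read every time, but a label table that no longer fits the enclave would need ORAM or a paged scan, which is the resource constraint the abstract refers to.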


Published in

IWQoS '19: Proceedings of the International Symposium on Quality of Service
June 2019, 420 pages
ISBN: 9781450367783
DOI: 10.1145/3326285

Copyright © 2019 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Published: 24 June 2019