short-paper

Attack on “A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server”

Author:

Srinivas VivekAuthors Info & Claims

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security

Article No.: 59, Pages 1 - 3

https://doi.org/10.1145/3600160.3605040

Published: 29 August 2023 Publication History

Abstract

Recently, Xie, Guo, and Jia (IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3068-3081, 2021) proposed a privacy-preserving Online Ride-Hailing (ORH) protocol that does not make use of a trusted third-party server. The primary goal of such privacy-preserving ORH protocols is to ensure the privacy of riders’ and drivers’ location data w.r.t. the ORH Service Provider (SP). In this work, we demonstrate a passive attack by the SP in the protocol of Xie, Guo, and Jia that enables it to completely recover the location of the rider as well as that of the responding drivers in each and every ride request query. The running time of our attack is independent of the security parameter.

References

[1]

Junxin Huang, Yuchuan Luo, Shaojing Fu, Ming Xu, and Bowen Hu. 2021. pRide: Privacy-Preserving Online Ride Hailing Matching System With Prediction. IEEE Transactions on Vehicular Technology 70, 8 (2021), 7413–7425. https://doi.org/10.1109/TVT.2021.3090042

[2]

Deepak Kumaraswamy, Shyam Murthy, and Srinivas Vivek. 2021. Revisiting Driver Anonymity in ORide. In Selected Areas in Cryptography - 28th International Conference, SAC 2021, Virtual Event, September 29 - October 1, 2021, Revised Selected Papers(Lecture Notes in Computer Science, Vol. 13203), Riham AlTawy and Andreas Hülsing (Eds.). Springer, 25–46. https://doi.org/10.1007/978-3-030-99277-4_2

Digital Library

[3]

Deepak Kumaraswamy and Srinivas Vivek. 2021. Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE. In Progress in Cryptology - INDOCRYPT 2021 - 22nd International Conference on Cryptology in India, Jaipur, India, December 12-15, 2021, Proceedings(Lecture Notes in Computer Science, Vol. 13143), Avishek Adhikari, Ralf Küsters, and Bart Preneel (Eds.). Springer, 462–484. https://doi.org/10.1007/978-3-030-92518-5_21

Digital Library

[4]

Yuchuan Luo, Xiaohua Jia, Shaojing Fu, and Ming Xu. 2019. pRide: Privacy-Preserving Ride Matching Over Road Networks for Online Ride-Hailing Service. IEEE Trans. Information Forensics and Security 14, 7 (2019), 1791–1802. https://doi.org/10.1109/TIFS.2018.2885282

[5]

Shyam Murthy and Srinivas Vivek. 2022. Driver Locations Harvesting Attack on pRide. In Network and System Security - 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9-12, 2022, Proceedings(Lecture Notes in Computer Science, Vol. 13787), Xingliang Yuan, Guangdong Bai, Cristina Alcaraz, and Suryadipta Majumdar (Eds.). Springer, 633–648. https://doi.org/10.1007/978-3-031-23020-2_36

Digital Library

[6]

Shyam Murthy and Srinivas Vivek. 2022. Passive Triangulation Attack on ORide. In Cryptology and Network Security - 21st International Conference, CANS 2022, Dubai, United Arab Emirates, November 13-16, 2022, Proceedings(Lecture Notes in Computer Science, Vol. 13641), Alastair R. Beresford, Arpita Patra, and Emanuele Bellini (Eds.). Springer, 167–187. https://doi.org/10.1007/978-3-031-20974-1_8

Digital Library

[7]

Anh Pham, Italo Dacosta, Guillaume Endignoux, Juan Ramón Troncoso-Pastoriza, Kévin Huguenin, and Jean-Pierre Hubaux. 2017. ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/pham

[8]

Anh Pham, Italo Dacosta, Bastien Jacot-Guillarmod, Kévin Huguenin, Taha Hajar, Florian Tramèr, Virgil D. Gligor, and Jean-Pierre Hubaux. 2017. PrivateRide: A Privacy-Enhanced Ride-Hailing Service. PoPETs 2017, 2 (2017), 38–56. https://doi.org/10.1515/popets-2017-0015

[9]

Cyrus Shahabi, Mohammad R. Kolahdouzan, and Mehdi Sharifzadeh. 2002. A road network embedding technique for k-nearest neighbor search in moving object databases. In ACM-GIS 2002, Proceedings of the Tenth ACM International Symposium on Advances in Geographic Information Systems, McLean, VA (near Washington, DC), USA, USA, November 8-9, 2002, Agnès Voisard and Shu-Ching Chen (Eds.). ACM, 94–10. https://doi.org/10.1145/585147.585167

Digital Library

[10]

Srinivas Vivek. 2021. Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service. In Cryptography and Coding - 18th IMA International Conference, IMACC 2021, Virtual Event, December 14-15, 2021, Proceedings(Lecture Notes in Computer Science, Vol. 13129), Maura B. Paterson (Ed.). Springer, 59–71. https://doi.org/10.1007/978-3-030-92641-0_4

Digital Library

[11]

F. Wang, H. Zhu, X. Liu, R. Lu, F. Li, H. Li, and S. Zhang. 2018. Efficient and Privacy-Preserving Dynamic Spatial Query Scheme for Ride-Hailing Services. IEEE Transactions on Vehicular Technology 67, 11 (2018), 11084–11097.

[12]

Wikipedia. [n. d.]. Coupon collector’s problem. https://en.wikipedia.org/wiki/Coupon_collector%27s_problem Retrieved: November 30, 2021.

[13]

Hongcheng Xie, Zizhuo Chen, Yu Guo, Qin Liu, and Xiaohua Jia. 2022. Privacy-Preserving Online Ride-Hailing Matching System with an Untrusted Server. In Network and System Security - 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9-12, 2022, Proceedings(Lecture Notes in Computer Science, Vol. 13787), Xingliang Yuan, Guangdong Bai, Cristina Alcaraz, and Suryadipta Majumdar (Eds.). Springer, 429–442. https://doi.org/10.1007/978-3-031-23020-2_24

Digital Library

[14]

Hongcheng Xie, Yu Guo, and Xiaohua Jia. 2021. A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server. IEEE Trans. Inf. Forensics Secur. 16 (2021), 3068–3081. https://doi.org/10.1109/TIFS.2021.3065832

[15]

H. Yu, X. Jia, H. Zhang, X. Yu, and J. Shu. 2019. PSRide: Privacy-Preserving Shared Ride Matching for Online Ride Hailing Systems. IEEE Transactions on Dependable and Secure Computing (2019), 1–1.

[16]

Haining Yu, Jiangang Shu, Xiaohua Jia, Hongli Zhang, and Xiangzhan Yu. 2019. lpRide: Lightweight and Privacy-Preserving Ride Matching Over Road Networks in Online Ride Hailing Systems. IEEE Trans. Vehicular Technology 68, 11 (2019), 10418–10428.

Cited By

Zhang MYang AWeng JChen MZeng HLiu YLiu XXia Z(2025)Efficient and Privacy-Preserving Ride Matching Over Road Networks Against Malicious ORH ServerIEEE Transactions on Information Forensics and Security10.1109/TIFS.2025.354445320(2372-2386)Online publication date: 2025
https://doi.org/10.1109/TIFS.2025.3544453
Murthy SUpadhyaya SVivek S(2024)Zone Recovery Attack on a Secure Privacy-Preserving Ride-Matching ProtocolInformation Systems Security10.1007/978-3-031-80020-7_19(330-337)Online publication date: 16-Dec-2024
https://dl.acm.org/doi/10.1007/978-3-031-80020-7_19
Vargheese MVivek S(2023)Attack on the Privacy-Preserving Carpooling Service TAROTInformation Systems Security10.1007/978-3-031-49099-6_15(249-258)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1007/978-3-031-49099-6_15

Index Terms

Attack on “A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server”
1. Security and privacy
  1. Security services
    1. Privacy-preserving protocols

Recommendations

Inferring Trip Occupancies in the Rise of Ride-Hailing Services
CIKM '18: Proceedings of the 27th ACM International Conference on Information and Knowledge Management

The knowledge of all occupied and unoccupied trips made by self-employed drivers are essential for optimized vehicle dispatch by ride-hailing services (e.g., Didi Dache, Uber, Lyft, Grab, etc.). However, the occupancy status of vehicles is not always ...
Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service
Cryptography and Coding
Abstract
A privacy-preserving Context-Aware Publish-Subscribe System (CA-PSS) enables an intermediary (broker) to match the content from a publisher and the subscription by a subscriber based on the current context while preserving confidentiality of the ...
Privacy-Preserving Online Ride-Hailing Matching System with an Untrusted Server
Network and System Security
Abstract
With the popularity of Online Ride-Hailing (ORH) service, there are growing concerns about location privacy because the taxis and passengers need to upload their locations to the service provider. These locations can be used to infer the users’ ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security

August 2023

1440 pages

ISBN:9798400707728

DOI:10.1145/3600160

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 August 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Funding Sources

IIIT Bangalore

Conference

ARES 2023

ARES 2023: The 18th International Conference on Availability, Reliability and Security

August 29 - September 1, 2023

Benevento, Italy

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
70
Total Downloads

Downloads (Last 12 months)45
Downloads (Last 6 weeks)7

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhang MYang AWeng JChen MZeng HLiu YLiu XXia Z(2025)Efficient and Privacy-Preserving Ride Matching Over Road Networks Against Malicious ORH ServerIEEE Transactions on Information Forensics and Security10.1109/TIFS.2025.354445320(2372-2386)Online publication date: 2025
https://doi.org/10.1109/TIFS.2025.3544453
Murthy SUpadhyaya SVivek S(2024)Zone Recovery Attack on a Secure Privacy-Preserving Ride-Matching ProtocolInformation Systems Security10.1007/978-3-031-80020-7_19(330-337)Online publication date: 16-Dec-2024
https://dl.acm.org/doi/10.1007/978-3-031-80020-7_19
Vargheese MVivek S(2023)Attack on the Privacy-Preserving Carpooling Service TAROTInformation Systems Security10.1007/978-3-031-49099-6_15(249-258)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1007/978-3-031-49099-6_15

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten