Zone Recovery Attack on a Secure Privacy-Preserving Ride-Matching Protocol

  • Conference paper
Information Systems Security (ICISS 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 15416)

Abstract

The popularity of ride-hailing services (RHS) has increased all over the world, as has awareness of privacy preservation (PP) of end-users. A number of PP-RHS solutions have been proposed in the literature. Some involve a service provider (SP), while others provide a decentralized mechanism. A decentralized RHS protocol by Shen et al. was published in IEEE Systems Journal (2023) that aims to provide secure ride-matching without involving any trusted third party. Their protocol makes use of a public-key encryption scheme with an equality test and a blockchain with smart contracts. They provide a theoretical analysis of their protocol and experimental results to show that their implementation is efficient and practical. In their protocol, to provide an efficient matching scheme, the area of operation, like a city, is partitioned into zones. In the first step of their protocol, the authorized, public blockchain takes the encrypted zone ID information of the driver and rider as input to an oblivious rider-driver match protocol to provide ride matching, without revealing anything about the zone ID. In this paper, we show that an eavesdropper will be able to learn the zone IDs of all the participating users, thus negating one of the main security claims of the aforementioned RHS protocol.

References

  1. Aïvodji, U.M., Huguenin, K., Huguet, M.J., Killijian, M.O.: Sride: a privacy-preserving ridesharing system. In: WiSec 2018, pp. 40–50. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3212480.3212483

  2. Huang, J., Luo, Y., Fu, S., Xu, M., Hu, B.: pRide: privacy-preserving online ride hailing matching system with prediction. IEEE Trans. Veh. Technol. 70(8), 7413–7425 (2021). https://doi.org/10.1109/TVT.2021.3090042

  3. Kanza, Y., Safra, E.: Cryptotransport: blockchain-powered ride hailing while preserving privacy, pseudonymity and trust. In: Kashani, F.B., Hoel, E.G., Güting, R.H., Tamassia, R., Xiong, L. (eds.) Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, SIGSPATIAL 2018, Seattle, WA, USA, 06–09 November 2018, pp. 540–543. ACM (2018)

  4. Khazbak, Y., Fan, J., Zhu, S., Cao, G.: Preserving location privacy in ride-hailing service. In: 2018 IEEE Conference on Communications and Network Security, CNS 2018, Beijing, China, 30 May–1 June 2018, pp. 1–9. IEEE (2018)

  5. Kumaraswamy, D., Murthy, S., Vivek, S.: Revisiting driver anonymity in ORide. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 25–46. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_2

  6. Kumaraswamy, D., Vivek, S.: Cryptanalysis of the privacy-preserving ride-hailing service TRACE. In: Adhikari, A., Küsters, R., Preneel, B. (eds.) INDOCRYPT 2021. LNCS, vol. 13143, pp. 462–484. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92518-5_21

  7. Luo, Y., Jia, X., Fu, S., Xu, M.: pRide: privacy-preserving ride matching over road networks for online ride-hailing service. IEEE Trans. Inf. Forensics Secur. 14(7), 1791–1802 (2019). https://doi.org/10.1109/TIFS.2018.2885282

  8. Murthy, S., Vivek, S.: Driver locations harvesting attack on pRide. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds.) NSS 2022. LNCS, vol. 13787, pp. 633–648. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-23020-2_36

  9. Murthy, S., Vivek, S.: Passive triangulation attack on ORide. In: Beresford, A.R., Patra, A., Bellini, E. (eds.) CANS 2022. LNCS, vol. 13641, pp. 167–187. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20974-1_8

  10. Pham, A., Dacosta, I., Endignoux, G., Troncoso-Pastoriza, J.R., Huguenin, K., Hubaux, J.: ORide: a privacy-preserving yet accountable ride-hailing service. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, 16–18 August 2017, pp. 1235–1252. USENIX Association (2017). https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/pham

  11. Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. PoPETs 2017(2), 38–56 (2017). https://doi.org/10.1515/popets-2017-0015

  12. SC Media Report: Uber data targeted in breach of third-party law firm (2023). https://www.scmagazine.com/news/uber-data-targeted-breach-third-party-law-firm. Accessed 20 Mar 2024

  13. Semenko, Y., Saucez, D.: Distributed privacy preserving platform for ridesharing services. In: Wang, G., Feng, J., Bhuiyan, M.Z.A., Lu, R. (eds.) SpaCCS 2019. LNCS, vol. 11611, pp. 1–14. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-24907-6_1

  14. Shen, X., Wang, Z., Wang, B., Wang, L., Pei, Q.: A privacy-preserving ride-matching scheme without a trusted third-party server. IEEE Syst. J. 17(4), 6413–6424 (2023). https://doi.org/10.1109/JSYST.2023.3289833

  15. Statista Market Insights Mobility Shared Mobility: Ride-hailing - United States (2024). https://www.statista.com/outlook/mmo/shared-mobility/ride-hailing/united-states/. Accessed 18 Mar 2024

  16. UpGuard Blog: What Caused the Uber Data breach in 2022? (2023). https://www.upguard.com/blog/what-caused-the-uber-data-breach. Accessed 20 Mar 2024

  17. Vivek, S.: Attacks on a privacy-preserving publish-subscribe system and a ride-hailing service. In: Paterson, M.B. (ed.) IMACC 2021. LNCS, vol. 13129, pp. 59–71. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92641-0_4

  18. Vivek, S.: Attack on “a privacy-preserving online ride-hailing system without involving a third trusted server”. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, 29 August 2023–1 September 2023, pp. 59:1–59:3. ACM (2023). https://doi.org/10.1145/3600160.3605040

  19. Wang, F., et al.: Efficient and privacy-preserving dynamic spatial query scheme for ride-hailing services. IEEE Trans. Veh. Technol. 67(11), 11084–11097 (2018)

  20. Wikipedia: New York City (2024). https://en.wikipedia.org/wiki/New_York_City. Accessed 26 Mar 2024

  21. Xie, H., Guo, Y., Jia, X.: A privacy-preserving online ride-hailing system without involving a third trusted server. IEEE Trans. Inf. Forensics Secur. 16, 3068–3081 (2021). https://doi.org/10.1109/TIFS.2021.3065832

  22. Yang, G., Tan, C.H., Huang, Q., Wong, D.S.: Probabilistic public key encryption with equality test. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 119–131. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_9

  23. Yu, H., Jia, X., Zhang, H., Yu, X., Shu, J.: PSRide: privacy-preserving shared ride matching for online ride hailing systems. IEEE Trans. Dependable Secure Comput. 18, 1425–1440 (2019)

  24. Yu, H., Shu, J., Jia, X., Zhang, H., Yu, X.: lpRide: lightweight and privacy-preserving ride matching over road networks in online ride hailing systems. IEEE Trans. Veh. Technol. 68(11), 10418–10428 (2019)

  25. Zhang, N., Zhong, S., Tian, L.: Using blockchain to protect personal privacy in the scenario of online taxi-hailing. Int. J. Comput. Commun. Control 12, 886 (2017)

  26. Zhao, Q., Zuo, C., Pellegrino, G., Lin, Z.: Geo-locating drivers: a study of sensitive data leakage in ride-hailing services. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, 24–27 February 2019. The Internet Society (2019). https://www.ndss-symposium.org/ndss-paper/geo-locating-drivers-a-study-of-sensitive-data-leakage-in-ride-hailing-services/

Acknowledgment

This work was partly supported by the Infosys Foundation Career Development Chair Professorship grant for the third author (Srinivas Vivek).

Corresponding author

Correspondence to Santosh Kumar Upadhyaya.

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Murthy, S., Upadhyaya, S.K., Vivek, S. (2025). Zone Recovery Attack on a Secure Privacy-Preserving Ride-Matching Protocol. In: Patil, V.T., Krishnan, R., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2024. Lecture Notes in Computer Science, vol 15416. Springer, Cham. https://doi.org/10.1007/978-3-031-80020-7_19

  • DOI: https://doi.org/10.1007/978-3-031-80020-7_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-80019-1

  • Online ISBN: 978-3-031-80020-7

  • eBook Packages: Computer Science, Computer Science (R0)
