Abstract
A privacy-preserving Context-Aware Publish-Subscribe System (CA-PSS) enables an intermediary (broker) to match the content from a publisher and the subscription by a subscriber based on the current context while preserving confidentiality of the subscriptions and notifications. While a privacy-preserving Ride-Hailing Service (RHS) enables an intermediary (service provider) to match a ride request with a taxi driver in a privacy-friendly manner. In this work, we attack a privacy-preserving CA-PSS proposed by Nabeel et al. (2013), where we show that any entity in the system including the broker can learn the confidential subscriptions of the subscribers. We also attack a privacy-preserving RHS called lpRide proposed by Yu et al. (2019), where we show that any rider/driver can efficiently recover the secret keys of all other riders and drivers. Also, we show that any rider/driver will be able to learn the location of any rider. The attacks are based on our cryptanalysis of the modified Paillier cryptosystem proposed by Nabeel et al. that forms a building block for both the above protocols.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Baza, M., Lasla, N., Mahmoud, M., Srivastava, G., Abdallah, M.: B-Ride: Ride sharing with privacy-preservation, trust and fair payment atop public blockchain. IEEE Transactions on Network Science and Engineering, pp. 1–1 (2019)
Cui, S., Belguith, S., De Alwis, P., Asghar, M.R., Russello, G.: Collusion defender: preserving subscribers’ privacy in publish and subscribe systems. IEEE Transactions on Dependable and Secure Computing (2019)
He, Y., Ni, J., Wang, X., Niu, B., Li, F., Shen, X.: Privacy-preserving partner selection for ride-sharing services. IEEE Trans. Veh. Technol. 67(7), 5994–6005 (2018)
Khazbak, Y., Fan, J., Zhu, S., Cao, G.: Preserving location privacy in ride-hailing service. In: 2018 IEEE Conference on Communications and Network Security, CNS 2018, Beijing, China, May 30 - June 1, 2018, pp. 1–9. IEEE (2018)
Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.): SAC 2020. LNCS, vol. 12804. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0
Luo, Y., Jia, X., Shaojing, F., Ming, X.: pRide: privacy-preserving ride matching over road networks for online ride-hailing service. IEEE Trans. Inform. Forensics Secur. 14(7), 1791–1802 (2019)
Munster, J.: Securing publish/subscribe. Master’s thesis, University of Toronto (2018). http://msrg.org/publications/pdf. Publish-Subcribe.pdf
Nabeel, M., Appel, S., Bertino, E., Buchmann, A.: Privacy preserving context aware publish subscribe systems. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 465–478. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38631-2_34
Nabeel, M., Appel, S., Bertino, E., Buchmann, A.P.: Privacy preserving context aware publish subscribe systems 2013–1. Technical Report CCTECH-6, Cyber Center Technical Reports, Purdue University (2013)
Nabeel, M., Bertino, E.: Attribute based group key management. Trans. Data Priv. 7(3), 309–336 (2014)
NortonLifeLock. Uber Announces New Data Breach Affecting 57 million Riders and Drivers (2020). https://us.norton.com/internetsecurity-emerging-threats-uber-breach-57-million.html. Retrieved: April 10 2020
Nabeel, M., Shang, N., Bertino, E.: Efficient privacy preserving content based publish subscribe systems. In: Atluri, V., Vaidya, J., Kern, A., Kantarcioglu, M. (eds.) 17th ACM Symposium on Access Control Models and Technologies, SACMAT ’12, Newark, NJ, USA - June 20–22, 2012, pp. 133–144. ACM (2012)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16
Pham, A., Dacosta, I., Endignoux, G., Ramón Troncoso-Pastoriza, J., Huguenin, K., Hubaux, J.P.: ORide: a privacy-preserving yet accountable ride-hailing service. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16–18, 2017, pp. 1235–1252. USENIX Association (2017)
Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. PoPETs 2017(2), 38–56 (2017)
Shahabi, C., Kolahdouzan, M.R., Sharifzadeh, M.: A road network embedding technique for k-nearest neighbor search in moving object databases. GeoInformatica 7(3), 255–273 (2003)
Wang, F., et al.: Efficient and privacy-preserving dynamic spatial query scheme for ride-hailing services. IEEE Trans. Veh. Technol. 67(11), 11084–11097 (2018)
Yu, H., Jia, X., Zhang, H., Yu, X., Shu, J.: PSRide: Privacy-preserving shared ride matching for online ride hailing systems. IEEE Transactions on Dependable and Secure Computing, pp. 1–1 (2019)
Haining, Y., Shu, J., Jia, X., Zhang, H., Xiangzhan, Y.: lpRide: lightweight and privacy-preserving ride matching over road networks in online ride hailing systems. IEEE Trans. Veh. Technol. 68(11), 10418–10428 (2019)
Acknowledgements
This work was funded by the INSPIRE Faculty Award (by DST, Govt. of India) for the author.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Vivek, S. (2021). Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service. In: Paterson, M.B. (eds) Cryptography and Coding. IMACC 2021. Lecture Notes in Computer Science(), vol 13129. Springer, Cham. https://doi.org/10.1007/978-3-030-92641-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-92641-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92640-3
Online ISBN: 978-3-030-92641-0
eBook Packages: Computer ScienceComputer Science (R0)