Skip to main content

Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE

  • 205 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 13143)

Abstract

In a typical ride-hailing service, the service provider (RS) matches a customer (RC) with the closest vehicle (RV) registered to this service. Ride-hailing services have gained tremendous popularity over the past years, and several works have been proposed to ensure privacy of riders and drivers during ride-matching. TRACE is an efficient privacy-preserving ride-hailing service proposed by Wang et al. (IEEE Trans. Vehicular Technology 2018). TRACE uses masking along with other cryptographic techniques to ensure efficient and accurate ride-matching. RS computes a (secret) spatial division of a region into quadrants. The RS uses masked location information to match RCs and RVs within a quadrant without obtaining their exact locations, thus ensuring privacy. Additionally, an RC only gets to know location of the closest RV finally matched to it, and not of other responding RVs in the region.

In this work, we disprove the privacy claims in TRACE by showing the following: a) RCs and RVs can identify the secret spatial division maintained by RS (this reveals information about the density of RVs in the region and other potential trade secrets), and b) the RS can identify exact locations of RCs and RVs (this violates location privacy). Prior to exchanging encrypted messages in the TRACE protocol, each entity masks the plaintext message with a secret unknown to others. Our attack allows other entities to recover this plaintext from the masked value by exploiting shared randomness used across different messages, that eventually leads to a system of linear equations in the unknown plaintexts. This holds even when all the participating entities are honest-but-curious. We implement our attack and demonstrate its efficiency and high success rate. For the security parameters recommended for TRACE, an RV can recover the spatial division in less than a minute, and the RS can recover the location of an RV in less than a second on a commodity laptop.

Keywords

  • Location privacy
  • Privacy-preserving protocols
  • Ride-hailing services
  • Cryptanalysis
  • Random masking

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-92518-5_21
  • Chapter length: 23 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   84.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-92518-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   109.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.

Notes

  1. 1.

    The implementation can be accessed at https://github.com/deepakkavoor/rhs-attack/tree/trace-attack.

References

  1. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_30

    CrossRef  Google Scholar 

  2. Eberly, W., Giesbrecht, M., Giorgi, P., Storjohann, A., Villard, G.: Solving sparse integer linear systems. CoRR abs/cs/0603082 (2006). http://arxiv.org/abs/cs/0603082

  3. EconomicTimes: Bengaluru techie arrested for data theft from Aadhaar website (2017). https://economictimes.indiatimes.com/small-biz/security-tech/security/ola-employee-arrested-for-data-theft-from-aadhaar-website/articleshow/59909079.cms?from=mdr. Accessed 17 June 2021

  4. Hurriyet Daily News: Istanbul taxi drivers hunt down, beat up Uber drivers as tensions rise (2018). https://www.hurriyetdailynews.com/istanbul-taxi-drivers-hunt-down-beat-up-uber-drivers-as-tensions-rise-128443. Accessed 17 June 2021

  5. Kumaraswamy, D., Murthy, S., Vivek, S.: Revisiting driver anonymity in oride. CoRR abs/2101.06419 (2021). https://arxiv.org/abs/2101.06419, to appear in SAC 2021

  6. Lu, R., Lin, X., Shen, X.: Spoc: a secure and privacy-preserving opportunistic computing framework for mobile-healthcare emergency. IEEE Trans. Parallel Distrib. Syst. 24(3), 614–624 (2013). https://doi.org/10.1109/TPDS.2012.146

    CrossRef  Google Scholar 

  7. Luo, Y., Jia, X., Fu, S., Xu, M.: pRide: privacy-preserving ride matching over road networks for online ride-hailing service. IEEE Trans. Inf. Forensics Secur. 14(7), 1791–1802 (2019). https://doi.org/10.1109/TIFS.2018.2885282

  8. NortonLifeLock: Uber Announces New Data Breach Affecting 57 million Riders and Drivers (2020). https://us.norton.com/internetsecurity-emerging-threats-uber-breach-57-million.html. Accessed 17 June 2021

  9. Pew Research Center: More Americans Are Using Ride-Hailing Apps (2019). https://www.pewresearch.org/fact-tank/2019/01/04/more-americans-are-using-ride-hailing-apps/. Accessed 17 June 2021

  10. Pham, A., Dacosta, I., Endignoux, G., Troncoso-Pastoriza, J.R., Huguenin, K., Hubaux, J.: ORide: a privacy-preserving yet accountable ride-hailing service. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, 16–18 August 2017, pp. 1235–1252. USENIX Association (2017). https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/pham

  11. Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. PoPETs 2017(2), 38–56 (2017). https://doi.org/10.1515/popets-2017-0015

  12. Schneider, T., Treiber, A.: A comment on privacy-preserving scalar product protocols as proposed in SPOC. IEEE Trans. Parallel Distrib. Syst. 31(3), 543–546 (2020). https://doi.org/10.1109/TPDS.2019.2939313

    CrossRef  Google Scholar 

  13. The Sage Developers: SageMath, the Sage Mathematics Software System (Version 9.0) (2021). https://www.sagemath.org

  14. Thejournal.ie: West Dublin gang using hailing apps to target older taxi drivers (2019). https://www.thejournal.ie/west-dublin-taxi-robbery-4420178-Jan2019/. Accessed 17 June 2021

  15. Vivek, S.: Attacks on a privacy-preserving publish-subscribe system and a ride-hailing service. CoRR abs/2105.04351 (2021). https://arxiv.org/abs/2105.04351, to appear in IMACC 2021

  16. Wang, F., et al.: Efficient and privacy-preserving dynamic spatial query scheme for ride-hailing services. IEEE Trans. Veh. Technol. 67(11), 11084–11097 (2018)

    CrossRef  Google Scholar 

  17. Xie, H., Guo, Y., Jia, X.: A privacy-preserving online ride-hailing system without involving a third trusted server. IEEE Trans. Inf. Forensics Secur. 16, 3068–3081 (2021). https://doi.org/10.1109/TIFS.2021.3065832

    CrossRef  Google Scholar 

  18. Yu, H., Jia, X., Zhang, H., Shu, J.: Efficient and privacy-preserving ride matching using exact road distance in online ride hailing services. IEEE Trans. Serv. Comput. 1 (2020). https://doi.org/10.1109/TSC.2020.3022875

  19. Yu, H., Shu, J., Jia, X., Zhang, H., Yu, X.: lpride: lightweight and privacy-preserving ride matching over road networks in online ride hailing systems. IEEE Trans. Veh. Technol. 68(11), 10418–10428 (2019). https://doi.org/10.1109/TVT.2019.2941761

  20. Zhao, Q., Zuo, C., Pellegrino, G., Lin, Z.: Geo-locating drivers: a study of sensitive data leakage in ride-hailing services. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, 24–27 February 2019. The Internet Society (2019). https://www.ndss-symposium.org/ndss-paper/geo-locating-drivers-a-study-of-sensitive-data-leakage-in-ride-hailing-services/

Download references

Acknowledgements

This work was partially funded by the Infosys Foundation Career Development Chair Professorship grant for Srinivas Vivek.

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Kumaraswamy, D., Vivek, S. (2021). Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE. In: Adhikari, A., Küsters, R., Preneel, B. (eds) Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021. Lecture Notes in Computer Science(), vol 13143. Springer, Cham. https://doi.org/10.1007/978-3-030-92518-5_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92518-5_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92517-8

  • Online ISBN: 978-3-030-92518-5

  • eBook Packages: Computer ScienceComputer Science (R0)