Skip to main content

Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service

Part of the Lecture Notes in Computer Science book series (LNSC,volume 13129)

Abstract

A privacy-preserving Context-Aware Publish-Subscribe System (CA-PSS) enables an intermediary (broker) to match the content from a publisher and the subscription by a subscriber based on the current context while preserving confidentiality of the subscriptions and notifications. While a privacy-preserving Ride-Hailing Service (RHS) enables an intermediary (service provider) to match a ride request with a taxi driver in a privacy-friendly manner. In this work, we attack a privacy-preserving CA-PSS proposed by Nabeel et al. (2013), where we show that any entity in the system including the broker can learn the confidential subscriptions of the subscribers. We also attack a privacy-preserving RHS called lpRide proposed by Yu et al. (2019), where we show that any rider/driver can efficiently recover the secret keys of all other riders and drivers. Also, we show that any rider/driver will be able to learn the location of any rider. The attacks are based on our cryptanalysis of the modified Paillier cryptosystem proposed by Nabeel et al. that forms a building block for both the above protocols.

Keywords

  • Privacy
  • Publish-subscribe system
  • Ride-hailing service
  • Homomorphic encryption
  • Modified Paillier cryptosystem
  • lpRide

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-92641-0_4
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-92641-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   79.99
Price excludes VAT (USA)

References

  1. Baza, M., Lasla, N., Mahmoud, M., Srivastava, G., Abdallah, M.: B-Ride: Ride sharing with privacy-preservation, trust and fair payment atop public blockchain. IEEE Transactions on Network Science and Engineering, pp. 1–1 (2019)

    Google Scholar 

  2. Cui, S., Belguith, S., De Alwis, P., Asghar, M.R., Russello, G.: Collusion defender: preserving subscribers’ privacy in publish and subscribe systems. IEEE Transactions on Dependable and Secure Computing (2019)

    Google Scholar 

  3. He, Y., Ni, J., Wang, X., Niu, B., Li, F., Shen, X.: Privacy-preserving partner selection for ride-sharing services. IEEE Trans. Veh. Technol. 67(7), 5994–6005 (2018)

    CrossRef  Google Scholar 

  4. Khazbak, Y., Fan, J., Zhu, S., Cao, G.: Preserving location privacy in ride-hailing service. In: 2018 IEEE Conference on Communications and Network Security, CNS 2018, Beijing, China, May 30 - June 1, 2018, pp. 1–9. IEEE (2018)

    Google Scholar 

  5. Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.): SAC 2020. LNCS, vol. 12804. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0

    CrossRef  Google Scholar 

  6. Luo, Y., Jia, X., Shaojing, F., Ming, X.: pRide: privacy-preserving ride matching over road networks for online ride-hailing service. IEEE Trans. Inform. Forensics Secur. 14(7), 1791–1802 (2019)

    CrossRef  Google Scholar 

  7. Munster, J.: Securing publish/subscribe. Master’s thesis, University of Toronto (2018). http://msrg.org/publications/pdf. Publish-Subcribe.pdf

  8. Nabeel, M., Appel, S., Bertino, E., Buchmann, A.: Privacy preserving context aware publish subscribe systems. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 465–478. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38631-2_34

    CrossRef  Google Scholar 

  9. Nabeel, M., Appel, S., Bertino, E., Buchmann, A.P.: Privacy preserving context aware publish subscribe systems 2013–1. Technical Report CCTECH-6, Cyber Center Technical Reports, Purdue University (2013)

    Google Scholar 

  10. Nabeel, M., Bertino, E.: Attribute based group key management. Trans. Data Priv. 7(3), 309–336 (2014)

    MathSciNet  Google Scholar 

  11. NortonLifeLock. Uber Announces New Data Breach Affecting 57 million Riders and Drivers (2020). https://us.norton.com/internetsecurity-emerging-threats-uber-breach-57-million.html. Retrieved: April 10 2020

  12. Nabeel, M., Shang, N., Bertino, E.: Efficient privacy preserving content based publish subscribe systems. In: Atluri, V., Vaidya, J., Kern, A., Kantarcioglu, M. (eds.) 17th ACM Symposium on Access Control Models and Technologies, SACMAT ’12, Newark, NJ, USA - June 20–22, 2012, pp. 133–144. ACM (2012)

    Google Scholar 

  13. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16

    CrossRef  Google Scholar 

  14. Pham, A., Dacosta, I., Endignoux, G., Ramón Troncoso-Pastoriza, J., Huguenin, K., Hubaux, J.P.: ORide: a privacy-preserving yet accountable ride-hailing service. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16–18, 2017, pp. 1235–1252. USENIX Association (2017)

    Google Scholar 

  15. Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. PoPETs 2017(2), 38–56 (2017)

    Google Scholar 

  16. Shahabi, C., Kolahdouzan, M.R., Sharifzadeh, M.: A road network embedding technique for k-nearest neighbor search in moving object databases. GeoInformatica 7(3), 255–273 (2003)

    CrossRef  Google Scholar 

  17. Wang, F., et al.: Efficient and privacy-preserving dynamic spatial query scheme for ride-hailing services. IEEE Trans. Veh. Technol. 67(11), 11084–11097 (2018)

    Google Scholar 

  18. Yu, H., Jia, X., Zhang, H., Yu, X., Shu, J.: PSRide: Privacy-preserving shared ride matching for online ride hailing systems. IEEE Transactions on Dependable and Secure Computing, pp. 1–1 (2019)

    Google Scholar 

  19. Haining, Y., Shu, J., Jia, X., Zhang, H., Xiangzhan, Y.: lpRide: lightweight and privacy-preserving ride matching over road networks in online ride hailing systems. IEEE Trans. Veh. Technol. 68(11), 10418–10428 (2019)

    CrossRef  Google Scholar 

Download references

Acknowledgements

This work was funded by the INSPIRE Faculty Award (by DST, Govt. of India) for the author.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Srinivas Vivek .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Vivek, S. (2021). Attacks on a Privacy-Preserving Publish-Subscribe System and a Ride-Hailing Service. In: Paterson, M.B. (eds) Cryptography and Coding. IMACC 2021. Lecture Notes in Computer Science(), vol 13129. Springer, Cham. https://doi.org/10.1007/978-3-030-92641-0_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92641-0_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92640-3

  • Online ISBN: 978-3-030-92641-0

  • eBook Packages: Computer ScienceComputer Science (R0)