Driver Locations Harvesting Attack on pRide Shyam Murthy000000020222322X Srinivas Vivek0000000284260859
2025-05-03
0
0
453.74KB
17 页
10玖币
侵权投诉
Driver Locations Harvesting Attack on pRide
Shyam Murthy[0000−0002−0222−322X]
Srinivas Vivek[0000−0002−8426−0859]
International Institute of Information Technology Bangalore, Bengaluru, India.
shyam.sm@iiitb.ac.in
srinivas.vivek@iiitb.ac.in
Abstract. Privacy preservation in Ride-Hailing Services (RHS) is in-
tended to protect privacy of drivers and riders. pRide, published in
IEEE Trans. Vehicular Technology 2021, is a prediction based privacy-
preserving RHS protocol to match riders with an optimum driver. In
the protocol, the Service Provider (SP) homomorphically computes Eu-
clidean distances between encrypted locations of drivers and rider. Rider
selects an optimum driver using decrypted distances augmented by a
new-ride-emergence prediction. To improve the effectiveness of driver se-
lection, the paper proposes an enhanced version where each driver gives
encrypted distances to each corner of her grid. To thwart a rider from
using these distances to launch an inference attack, the SP blinds these
distances before sharing them with the rider.
In this work, we propose a passive attack where an honest-but-curious
adversary rider who makes a single ride request and receives the blinded
distances from SP can recover the constants used to blind the distances.
Using the unblinded distances, rider to driver distance and Google Near-
est Road API, the adversary can obtain the precise locations of respond-
ing drivers. We conduct experiments with random on-road driver loca-
tions for four different cities. Our experiments show that we can deter-
mine the precise locations of at least 80% of the drivers participating in
the enhanced pRide protocol.
Keywords: Ride-Hailing Services, Privacy and Censorship, Attacks
1 Introduction
According to a recent research by MordorIntelligence [8], the global Ride-Hailing
Services (RHS) market, valued at USD 113 billion in 2020, is expected to reach
This version of the contribution has been accepted for publication, after
peer review (when applicable) but is not the Version of Record and does
not reflect post-acceptance improvements, or any corrections. The Version of
Record is available online at: http://dx.doi.org/10.1007/978-3-031-23020-2_36.
Use of this Accepted Version is subject to the publisher’s Accepted Manuscript
terms of use https://www.springernature.com/gp/open-research/policies/accepted-
manuscript-terms
Corresponding Author: Shyam Murthy, shyam.sm@iiitb.ac.in
arXiv:2210.13263v3 [cs.CR] 4 Jan 2023
2 S. Murthy and S. Vivek
USD 230 billion by 2026. With such a huge reach, individual privacy and secu-
rity issues are always of primary concern. Ride-Hailing Service Providers (SP)
like Uber, Lyft, Ola provide services in many parts of the world. Among other
features, the SP facilitates ride booking and fare payment options for their cus-
tomers, namely riders who subscribe with the SP for RHS. Drivers of vehicles
such as cars and motorcycles sign-up with the SP in order to offer rides. At the
time of subscription, the SP collects private information of riders and drivers in
order to provide services effectively as well as required by local governance laws.
In addition, the SP collects statistics of riders and drivers for every ride that
is offered in its network. This naturally brings up the topic of individual data
privacy concerns from both riders as well as drivers over their data held by the
SP. Also, curious or malicious drivers or riders might be interested in learning
more about the other parties. There are a number of works and their analysis
in the literature that look at privacy-preserving RHS, we list some of them in
Section 5.
Huang et al. proposed pRide [4], a privacy-preserving online RHS protocol
that aims to provide the optimum driver in a global perspective thereby minimiz-
ing the unnecessary travel distance to pick the rider. The protocol makes use of
a deep learning model to predict emergence of new ride requests in a ride-hailing
region to enable the SP to make use of such prediction while matching optimum
drivers to ride requests. They show that by using such a prediction model in a
global perspective, the overall distance travelled by a matching driver is mini-
mized compared with matching a nearest driver in the local region. The protocol
proposes to use a Somewhat Homomorphic Encryption (SHE) scheme to encrypt
rider and driver locations. The advantage of using a homomorphic encryption
scheme is that it allows computations on ciphertexts so that the result of compu-
tation is available only after decryption. Fully Homomorphic Encryption (FHE)
schemes that support potentially any number of homomorphic operations have
high cost in terms of large ciphertexts and high computation latency. Hence,
many practical applications that know, a priori, the bound on the number of
homomorphic operations, prefer to use SHE schemes. In the pRide paper, the
authors use the FV cryptosystem [1] in the implementation of their scheme.
Even though applications make use of semantically secure cryptosystems, care-
ful analysis is required to make sure no unintended security holes are introduced
while adapting the cryptosystem to their applications.
The pRide protocol, described in more detail in Section 2, has two parts,
the basic protocol and an enhanced version. We discuss the basic protocol in
this paragraph. In the initialization phase, SP divides the area of its operation
into grids, the details of which are made available to all parties. SP keeps a
record of ride requests emanating from each grid over specific time epochs and
trains a prediction model using this information. It then uses this information to
predict the grid-based distribution of requests for the next period, denoted by
P R(g), namely the prediction result for grid id g. Drivers, registered with the
SP, submit their current grid id to the SP so that the SP can maintain the driver
distribution map. A rider who wishes to hail a ride, picks a (public key, secret
Driver Locations Harvesting Attack on pRide 3
key) pair, encrypts her coordinates and sends the ciphertext and public key to
SP along with the ride request. When SP receives the ride request, it performs a
search for a suitable driver in a preset order of grids around the rider’s grid and
obtains a list of candidate drivers using the driver distribution map. SP then
forwards the ride request to all candidate drivers. To offer their ride, drivers
respond to SP by encrypting their location using the rider’s public key. SP then
homomorphically computes the square of the Euclidean distance between rider
and drivers’ encrypted locations and forwards the same to the rider along with
P R(g)where gis the driver’s grid id. Rider decrypts the distances and picks
the shortest distance D0. It then performs two checks over the list of sorted
distances. First, is Di−D0< D0−Ddiag?, where Diis the distance for ith driver
and Ddiag is the length of the diagonal of the grid, and second, does the model
predict no new ride request emerging in the driver’s grid within a short time
period?When both these conditions are satisfied, the rider informs SP about
the selected index iafter which the SP facilitates secure ride establishment with
the rider and selected driver.
In order to optimize their ride matching, the paper proposes enhanced pRide
built on top of the basic pRide protocol, but having a different method to pick
the optimum driver. They show that they get better results when a driver also
provides her encrypted distance to the farthest corner of her grid. This way the
rider can use that distance, instead of Ddiag in the aforementioned check to
select the optimum driver. However, the authors notice that if such a distance is
decrypted by an adversarial rider, she can launch an inference attack to obtain
driver’s locations. In order to thwart such an attack, the paper proposes a novel
method where the driver provides SP with her encrypted distances to the four
corners of her grid. SP then picks random integers to homomorphically blind
the distances before sharing the same with the rider. Rider then decrypts the
blinded distances and applies a private comparison algorithm which determines
the result of the inequality Di−D0< D0−Dmaxdist, where Dmaxdist is the
distance between the driver and the farthest corner of her grid g. Finally, using
this inequality and P R(g), it outputs the optimum selected driver.
As described earlier, in the enhanced pRide protocol, the SP homomorphi-
cally blinds the encrypted distances with random integers before sharing them
with the rider. In this paper, we show that such a blinding scheme is insecure,
whence an adversary rider can recover the underlying distances and then deduce
the locations of at least 80% of the drivers responding to a single ride request of
the rider when using the enhanced pRide protocol.
1.1 Comparison with ORide [12] Protocol
The pRide paper shows that their enhanced scheme is more effective with the
same level of security as that of the basic version with only a small compromise
in its efficiency. In addition, by way of experiments, they show their computation
Henceforth in the paper, we use the term distance to mean squared Euclidean dis-
tance.
4 S. Murthy and S. Vivek
cost is significantly better compared to a state-of-the-art protocol named ORide
[12]. We note here that the method in the basic pRide protocol where the SP
employs the homomorphic property of SHE to compute the Euclidean distance
between driver and rider to share the encrypted distances with rider is identical
to what is described in the ORide paper. The part that is different is that in the
ORide paper to pick the nearest driver, only drivers inside the rider’s grid are
chosen as candidate drivers, whereas in the pRide protocol, only drivers outside
the rider’s grid are candidate drivers so as to optimize in a global perspective.
In [5], Kumaraswamy et al. demonstrated a driver locations harvesting attack
by honest-but-curious riders on the ORide protocol, where they determine the
exact locations of 40% of drivers participating in the ORide protocol. In the same
paper, the authors also provide a mitigation solution wherein a driver gives her
perturbed location instead of her actual location. The aforementioned attack on
the ORide protocol and the mitigating solution are both applicable to the basic
pRide protocol.
In [10], Murthy et al. demonstrated a driver locations harvesting attack,
again by honest-but-curious adversary riders, using triangulation on the ORide
protocol, where they show that they can determine the exact locations of all
participating drivers in the ORide protocol. Further, they extend their method
onto the mitigation solution suggested by [5] and show that they can determine
locations of between 25% to 50% of the participating drivers.
As mentioned earlier, in the pRide protocol, the method where the rider
obtains encrypted driver distances is identical to that in the ORide protocol.
Due to this, any location harvesting attack on ORide, like in the cases of [5] and
[10], are also directly applicable to the basic pRide protocol.
1.2 Our Contribution
We present a passive driver location harvesting attack on the enhanced pRide
protocol. The honest-but-curious adversary rider issues a single ride request with
a search radius (SR) = 1, such that grids adjacent to the rider’s grid are searched
(as explained in the pRide paper, Section V-B-4, pp. 6). In our attack, the
adversary rider receives, per driver, a set of encrypted blinded distances between
the driver’s location and each corner of the driver’s grid. One would expect that
such a blinding process would make it hard for the rider to deduce anything
about the underlying distances.
Rider decrypts the ciphertexts received from SP to obtain blinded distances.
Next, by computing the Greatest Common Divisor (GCD) of the blinded dis-
tances and eliminating common factors, the rider recovers the blinding values
after which the distances are easily obtained. Rider now has the four distances
from driver to each corner of the driver’s grid. Using these distances, the rider
computes four equiprobable driver locations in each of the four grids adjacent to
the rider’s grid. This is due to the fact that the distances are in random order
and, so, there is no correlation between each corner of the grid and its distance to
the driver. Rider knows the distance between herself and each responding driver.
Now, using the distance between herself and a particular responding driver (say,
摘要:
展开>>
收起<<
DriverLocationsHarvestingAttackonpRideShyamMurthy[000000020222322X]SrinivasVivek[0000000284260859]InternationalInstituteofInformationTechnologyBangalore,Bengaluru,India.shyam.sm@iiitb.ac.insrinivas.vivek@iiitb.ac.inAbstract.PrivacypreservationinRide-HailingServices(RHS)isin-tendedtoprotectprivacyofd...
声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!
相关推荐
-
【词汇变形总汇】2025高考词汇变形总汇 - 教师版VIP免费
2024-12-06 3 -
【超简37页】新课标高考英语考纲3500词汇VIP免费
2024-12-06 4 -
《高考英语3500词详解》(WORD版)VIP免费
2024-12-06 13 -
《高考英语3500词详解》VIP免费
2024-12-06 11 -
高中英语-[教师版]80天通关高考3500词汇VIP免费
2024-12-06 12 -
高中人教选修7课文逐句翻译VIP免费
2024-12-06 7 -
高中人教选修7课文原文及翻译VIP免费
2024-12-06 13 -
高中人教必修4课文逐句翻译VIP免费
2024-12-06 7 -
高中人教必修4课文原文及翻译VIP免费
2024-12-06 13 -
高考英语核心高频688词汇VIP免费
2024-12-06 10
分类:图书资源
价格:10玖币
属性:17 页
大小:453.74KB
格式:PDF
时间:2025-05-03
作者详情
相关内容
-
2014年高考物理试卷(安徽)(解析卷)
分类:中学教育
时间:2025-05-05
标签:无
格式:DOCX
价格:10 玖币
-
2014年高考物理试卷(北京)(空白卷)
分类:中学教育
时间:2025-05-05
标签:无
格式:DOC
价格:10 玖币
-
2014年高考物理试卷(北京)(解析卷)
分类:中学教育
时间:2025-05-05
标签:无
格式:DOC
价格:10 玖币
-
2014年高考物理试卷(大纲版)(空白卷)
分类:中学教育
时间:2025-05-05
标签:无
格式:DOCX
价格:10 玖币
-
2014年高考物理试卷(大纲版)(解析卷)
分类:中学教育
时间:2025-05-05
标签:无
格式:DOC
价格:10 玖币
渝公网安备50010702506394
